@Toshi_Esumi I'm seeing 'syn' attempts on the WAN interface but nothing beyond that so it's probably the routing policy or VIP setup that's at fault!

Below is the outbound route which is working fine for traffic requests from the server

Outbound Route

The inbound policy route looks to be the one causing the issue and the most confusion.
Incoming interface needs to be the WAN port
Source address, should that be 0.0.0.0 or the public IP
I'm assuming that the destination address needs to be the server in the DMZ
I've got the protocol set to TCP and destination port 80
I've set it to forward traffic to the DMZ port and gateway. 
The traffic is not getting there so there's something wrong with the rule as i've set the firewall pretty loosely at the moment until we get this working!

Just show us the inbound policy and the vip config in question. And if the out-to-in access to the server is HTTP or HTTPS, make sure you disabled HTTP/HTTPS admin access at port2.

It's unlikely affecting it though because your interface IP is .90 and the packet's dst is .93.

Toshi

We got it fixed after a lot of swearing! It sprang into life after we turned on asymmetric routing!
Thank you for your assistance @Toshi_Esumi  

It would not be a solution in most situation since if you enable asymm routing, the FGT wouldn't work as FW any more. It would work as just a router.
Instead, you should resolve why incoming and outgoing are through different interfaces.

Toshi

Fair enough @Toshi_Esumi 
We went through the fault finding yesterday
The diagnostic trace showed

func=ip_route_input_slow line=1696 msg="reverse path check fail, drop"

We then when through this
which is where we came up with the asymmetric routing

What we have set is laid out below but we need your advice on the inbound bit!
The default route for most users and systems is set to use
1.WAN (port17)
Admin Distance 10
Priority 1
This is a broadband connection

A small number of systems are going to use
2.STATIC (port2)
Admin Distance 8
Priority1
This is a static internet connection with a /29

The systems using the static connection are in a DMZ
DMZ-SW (port15)
This is set as the gateway for NET-DMZ a /24 subnet

We have set policy routes for the outgoing traffic as per below

VIP's are set for each of the public IPs as type overload with just a single IP for each IP pool

Firewall we have setup a rule

With this setup, we can reach the internet and a "what's my IP" query showed the correct public IP.

For the incoming traffic, we setup Virtual IP's

On the firewall we've setup 

The bit we are struggling with is what to set for the inbound routing.
We can't do 1:1 routing on the public IP's as we are going to be running more than one service through them

Are we supposed to set a policy route?
If so, should the source address be 0.0.0.0/0 or the public IP for that service
We have tried both of the below and it's not been working for either

Please advise us on what we need to set to get port 80 traffic to the specific public ip on 2.Static into SRV-Web1 via the DMZ-SW interface as non of the guides and threads i've found online so far have been any help!

Whichever the /29 subnet is routed by the ISP, one default route needs to be pointing back to the incoming interface. Otherwise ends with "reverse path check fail, drop". Do you have default routes to both interfaces in your routing table? Check in below command:
   get router info routing-t all

Toshi