This is all guessing based on your information provided.
Your WAN Interface IP (based on what I'm seeing) should be 172.21.106.2/31 (maybe it's /30). Your default gateway should be 172.21.106.1. You can then use NAT rules or virtual IPs to utilize the public ip addresses for outgoing traffic, depending on what your goal is.
Actually I use the IP address of 172.21.106.2 with Default Gateway 172.21.106.1 on the Fortinet 60E, but I failed to connect to Internet. I can ping 172.21.106.1 which I think the IP is the Fibre Optic router from PCCW. Please kindly advise that I cannot even connect to the Internet.
1) Did you add a default gateway route? (0.0.0.0/0 to 172.21.106.2)
Yes. The default gateway route IP:172.21.106.1 added already.
2) How are you trying to determine that you are "connected to the Internet"
I can ping the DG:172.21.106.1, but unable to ping the DNS IP address on the 60E Firewall.
3) What service is this firewall/connection providing? Is it Internet service for users? Is it hosting services (web/dns/whatever)?
The Internet line from PCCW is major for Internet service (Around 30 users)
4) Are there any other pieces of networking equipment involved?
There is only a Fibre Router from the ISP, PCCW, in front of the 60E Firewall.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.