Hello everyone,
I have two Fortigates:
A Fortigate 60F and a Fortigate 70G.
On the Fortigate 60F, there is a WiFi network, where I reserved the IP address 172.16.10.110.
The Fortigate 60F is connected to the 70G via a link and a static route:

All traffic destined for the 70G must pass through the 60F.
Conversely, on the 70G:

The connection works well, everything works fine.
Now, I tried to restrict access to the 60F GUI (https://10.0.1.0:40443) using two local-in-policies:
config firewall local-in-policy
    edit 1
        set uuid 5c0a2180-47a5-51f0-1e8d-733b986f1a94
        set intf "any"
        set srcaddr "My_IP_ADDRESS"
        set dstaddr "login_group"
        set action accept
        set service "HTTPS-40443"
        set schedule "always"
    next
    edit 2
        set uuid 71f5a26c-47aa-51f0-21c9-79d49494eb3e
        set intf "any"
        set srcaddr "all"
        set dstaddr "login_group"
        set service "HTTPS-40443"
        set schedule "always"
        set status disable
    next
end
The first rule allows access only to me, the second rule denies access to everyone else.
Everything works correctly.
In fact, if I check administrator access on the 60F, my IP address is correct and therefore it can be filtered.

I want to do the same on the 70G, blocking access to https://172.16.1.1:40443/, defining "My_IP_ADDRESS" in the same way and defining "login_group" consistently. However, what happens is that the final deny policy blocks everyone, including me. My IP is still 172.16.10.110, since I am always connected to the same network, but the Fortigate 70G, I believe, does not see me as 172.16.10.110, but as 10.1.0.1, and I notice this by checking my access to the 70G GUI:

So, the first accept policy, reserved for 172.16.10.110, is ignored.
How can I solve this problem?
Has anyone experienced something similar?
If I'm not wrong the IP 10.0.0.1 is owned by 60F.
Then 70G sees you as 10.0.0.1 most probably because you are doing NAT on 60F.
Try not to use NAT on the rule that allows you to connect to the 70G. But before that, you need to add a static route on the 70G to route the traffic towards 172.16.10.0 through GW 10.0.0.1, otherwise it will not work.
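The change described in that answer, written out as FortiOS CLI. This is an added example, not configuration posted by either participant: interface names (wifi, port1, port2), the policy IDs, the 172.16.10.0/24 WiFi subnet and the 10.0.0.1 link address of the 60F are assumptions taken from the thread, and "login_group" is the address group the poster already defined on the 70G.

```fortios
# Added example, not the poster's configuration. Interface names, policy IDs and
# the 172.16.10.0/24 WiFi subnet are assumptions; 10.0.0.1 is the 60F link address
# named in the answer.

# --- On the 60F: forward the admin host to the 70G without source NAT, so the
# --- 70G sees 172.16.10.110 instead of the 60F's own link address.
config firewall address
    edit "My_IP_ADDRESS"
        set subnet 172.16.10.110 255.255.255.255
    next
    edit "70G_mgmt"
        set subnet 172.16.1.1 255.255.255.255
    next
end
config firewall policy
    edit 10
        set name "admin-to-70G-no-nat"
        set srcintf "wifi"
        set dstintf "port2"
        set srcaddr "My_IP_ADDRESS"
        set dstaddr "70G_mgmt"
        set action accept
        set schedule "always"
        set service "HTTPS-40443"
        set nat disable
    next
end

# --- On the 70G: return route, so replies to 172.16.10.0/24 go back via the 60F.
# --- Without this the 70G has no path to the un-NATed source and the TCP
# --- handshake never completes.
config router static
    edit 10
        set dst 172.16.10.0 255.255.255.0
        set gateway 10.0.0.1
        set device "port1"
    next
end

# --- On the 70G: the local-in policies now match the real client address.
config firewall service custom
    edit "HTTPS-40443"
        set tcp-portrange 40443
    next
end
config firewall address
    edit "My_IP_ADDRESS"
        set subnet 172.16.10.110 255.255.255.255
    next
end
config firewall local-in-policy
    edit 1
        set intf "any"
        set srcaddr "My_IP_ADDRESS"
        set dstaddr "login_group"
        set action accept
        set service "HTTPS-40443"
        set schedule "always"
    next
    edit 2
        set intf "any"
        set srcaddr "all"
        set dstaddr "login_group"
        set action deny
        set service "HTTPS-40443"
        set schedule "always"
    next
end

# Verification on the 70G: the source address of the SYN must now be 172.16.10.110.
# diagnose sniffer packet any 'tcp port 40443' 4
# get router info routing-table all
```

Two points to check before relying on this: the no-NAT policy on the 60F must sit above any broader policy that still NATs traffic toward the 70G, since FortiOS evaluates firewall policies top down and the first match wins; and local-in policy 2 carries an explicit deny and stays enabled, because a disabled or missing deny leaves the implicit local-in behaviour in place rather than restricting the GUI to the one address.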