First, SSL offload mode "client<->FortiGate" means that the client <-> FortiGate path uses TLS, but the FortiGate <-> Server segment is plaintext HTTP. Since you're using port 443 for the real-servers, that suggests a mismatch. FortiGate is sending plaintext to your real-servers, while those servers probably(?) expect encrypted HTTPS.
You should either switch to SSL full-mode, or forward the traffic to plaintext HTTP port of your real-server(s) (if they are ready to process plaintext HTTP traffic).
Second, it is a bit strange that your two real-servers are the same IP and the same port. This feature is typically used to redirect traffic to different real-servers. If everything really goes to a single real-server in your scenario, then you should consider two other options that are even simpler:
1, Just a basic VIP (only if the realserver is supposed to terminate the TLS connection and has its own valid certificate)
2, The same HTTPs-type server-load-balance VIP, but leave the balancing method to "static" and use just a single real-server. (no need to duplicate it)
[ corrections always welcome ]