2. Mostly - they all are isolated from one another
3. I need access from a specific IP A to IP B, from Network A to Network B and vice versa.
4. I've created mirroring policies, allowing traffic from Source IP A from incoming Interface A to Destination IP B from outgoing Interface B, and created a second policy, where the places are changed and the source is B and the destination is A.
5. I can ping from A to B, but cannot from B to A.
You didn't mention the interfaces: whether A and B are connected on two different interfaces, or VLAN subinterfaces, etc. But if so, I would sniff on the interface for A while pinging from B to see if the packets are going out. If they are not going out, it's time to run "flow debug" to see why the FGT drops them. You can find many discussions and articles about flow debug on the internet.
Also mind the order of your policies! Policies are handled top-down and the first match wins the packet. So if there is a policy that matches the packet and blocks it in front of the ones you mentioned, then it will be hit instead!
Also, a reverse policy is only needed if connections shall be initiated from both sides.
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Could you please advise me, as I can't figure that out by myself. How can I keep a port in a local TCP session between two IPs, 192.168.10.10 and 172.18.1.1 for example? I see on an end device that the session was started from port 9002, but on the destination address it goes to 60601 for example. And I need an exact match, 9002 -> 9002. I have NAT enabled and "preserve source port" as well. Can I do it via Virtual IP port mapping?
The KB shows external to internal IPs, but you can apply this KB to internal (or local) subnets. Basically, it's doing static NAT between your 2 networks.
But, from what you request at the beginning of the post, you need to access server B (192.168.10.30) from server A (172.18.1.10), which are located on subnetB (192.168.10.10 on the FGT) and subnetA (172.18.1.1 on the FGT).
* serverB: configure either a default route, or a /32 route to 172.18.1.10 through 192.168.10.10
* serverA: configure either a default route, or a /32 route to 192.168.10.30 through 172.18.12.10
* configure firewall policy or policies if both networks can be source network. If you don't use NAT, then your original ports will be kept. Otherwise, you can follow the KB, and have static NAT.