A new Fortigate 40F, i configured a Virtual IP with port forwarding and a policy for Cameras NVR and it worked, i succeeded to reach them from outside the network.
The problem is, that all the computers from the Lan should access the internet via IPSEC tunnel (to be recognized by different external IP address) so i configured a static route to 0.0.0.0/0 with the IPSEC interface and then policies from Lan to IPSEC interface and vice versa with NAT disabled.
The IPSEC Phase 2 is from the Lan subnet to 0.0.0.0/0 as well.
The computers can access the internet successfully but the cameras aren't reachable and i can't access the web management interface of the firewall as well from outside.
I tried to configure some route policy but still not working.
My first thought here would be to check the routing table and ensure that all local routes have a lower distance than the default gateway. A traceroute from a non-working source should confirm the bad route.
You've created asymmetrical routing. The traffic is coming into the fortigate and being port forwarded, but the return traffic is going across the tunnel and out via a different public IP.
You either need to setup policy routes for the camera(s) to go direct out to the internet, or setup the port forwarding on the other side of the tunnel.
Same reason for not being able to externally manage it anymore. Traffic is being returned over the ipsec tunnel. As it is(unless you have other routes) it cannot access the internet unless that tunnel is up. And, if you didn't create a static route for the IP of the other end of the tunnel, if may not come back up if it goes down.
Or, the local static default route with a high number of priority in addition to the default route toward the tunnel (priority 0 by default). So that the incoming access to the camera from the local wan interface via VIP can go back out to the local wan instead of going across the tunnel.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.