So your managing the few that has the DNAT VIP on it? You do not need a policy for that & if that is what your trying todo.
The FW is proprietary to our client, the policy was already in place, to describe what I found (look the attached image) :
1- They created two virtual IPs one for TCP and one for UDP
2- They created one Virtual IP Group with the two Virtual IPs
3 - They created the IPV4 Policy shown previously
So let's back up, you have a WAN+INTERNAL setup? and using libreNMS to poll the SNMP-agent on the wan side? If yes, did you enable allowacces for "snmp"?
Yes, SNMP is working just fine because as soon as I remove the VIRTUAL IP Group from the IPV4 policy and replace it with "ALL" it works