Just so it's documented, I opened a ticket on this one and it was configured correctly. The issue was something that had to be enabled in the CLI - though Fortinet support agreed it should have been working as I had it set. Here is what they had to do:
config firewall policy
edit 14 (that was the policy which referenced the ssl.root source > wan1 > 192.168.3.x destination config)
set outbound en
..For some reason inbound was enabled and outbound was set to disabled in that policy. Took support about an hour to figure out.
I'd have never found that one!
Either way, that did it..no explanation why it was disabled in the first place, but whatever.
Thanks for all the help!