Everything looks good on the Fortigate. If you can take a screen shot of the route-table(s) on the Azure side that would work. It could be your not propagating the routes to the vNET from the VNG. By default, the VNG will route RFC1918 back down the S-2-S tunnel so if there is no route for the destination subnet in the VNG route-table it will not reach any host that resides there.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.