I'm considering abandoning the attempt and moving to a Linux-based VXLAN bridge downstream of the Fortigate.
That is not a bad idea! That leaves me with another device that I have to secure and keep updated. But there are plenty of thin distros out there that could do it.
The issue on the Fortigate side is it forces you into software switch, physical port, etc., so you lose physical redundancy, port aggregation, and throughput is going to be severely limited by forwarding on the CPU. Their VXLAN implementation seems to be a sloppy afterthought.
I was thinking the same thing. There seems to be a weird breakdown on the return path through the three soft-switches that I had to create to make this all possible. Not to mention, none of the KBs really give a play-by-play to make any of this work. I don't typically stray into the CLI of a FortiGate. And the first KB that I pulled up on the topic of VXLAN was using ports that are part of the LAN soft-switch, with no instructions on removing ports from the built-in soft-switch.
While it may be possible to do some of this from the web GUI, there are certain elements, such as multiple VLANs on a single VXLAN VNI, which are only supported in the CLI. Weird.