This is a bit of a complex setup and I would advise you to take proper help from
our PS team to design this setup with multiple HUBs and multiple WAN
links. But here are some suggestions if you wish to try yourself. - You
will have 4 overlay tunnels from each sp...

Please capture logs from the PC, FTNT Firewall and other devices, if
possible simultaneously, while you face the issues. I could see that you
aren't using FortiGuard DNS and also the sniffer output looks fine.

Spoke1 & 2 need to be connected with Hub1 and Hub2 (both hubs are
running separate services) - Each spoke will have routes learned
from HUB1 and HUB2 respectively. I am assuming the same routes are not
learned by the Spoke from each HUB as you have...

You may try to create an IP pool Firewall Object in the Global ADOM and use
that IP pool in the Global ADOM Policy Package. In each individual ADOM you
may edit that IP Pool Object for per-device mapping.

As gfleming said, you are making this so complicated. You have your PC in
subnet 192.169.20.x and its default GW is on the Router. The Router has a
default route to the FGT LAN IP 10.77.77.1 and your internet is working fine,
which means policy and NAT are fine...