Thank you for reaching out.
If I have understood the question correctly, you want all the traffic from your Virtual Network via Fortinet, but the PCs deployed in the Subnet-1 and Subnet-2 in the same Virtual Network still can communicate with each other even though you have restricted this communication in Fortinet.
Based on my understanding above, I think the PCs are still able to communicate with each other because Azure routes traffic between all subnets within a virtual network, by default. In order to restrict this access you will have to create a custom UDR. In the route table you need to create a route for Subnet-1 with the Next Hop as Virtual Appliance and link this route table to Subnet-2; similarly, you can create another route table and link it to Subnet-1.
A similar scenario is explained clearly in this tutorial. You can follow it to get more information on the required routes.
Hope this answers your query. If I did not understand your questions clearly, it will help if you could provide a rough network diagram of your set-up. Thank you!
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
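Added example, not part of the answer above: Azure CLI commands that build the two route tables it describes (Subnet-2's traffic to Subnet-1 and Subnet-1's traffic to Subnet-2 both sent to the appliance). The resource group, VNet, subnet address ranges, region and the FortiGate internal NIC address are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the answer): Azure CLI commands for the two
# user-defined route tables described above. All values are placeholders.
RG="rg-hub"                    # assumed resource group name
VNET="vnet-hub"                # assumed virtual network name
LOCATION="westeurope"          # assumed region
SUBNET1="Subnet-1"; SUBNET1_CIDR="10.0.1.0/24"   # assumed address range
SUBNET2="Subnet-2"; SUBNET2_CIDR="10.0.2.0/24"   # assumed address range
FGT_IP="10.0.0.4"              # assumed private IP of the FortiGate internal NIC

# Print the command instead of running it when DRY_RUN=1 (review before apply).
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Create a route table whose single route sends traffic destined for $2 to the
# appliance, then associate it with subnet $3 so that subnet's traffic to $2
# is forced through the FortiGate instead of following the default VNet route.
make_udr() {
  rt="$1"; dest_cidr="$2"; attach_to="$3"
  run az network route-table create -g "$RG" -n "$rt" -l "$LOCATION"
  run az network route-table route create -g "$RG" --route-table-name "$rt" \
    -n "to-fortigate" --address-prefix "$dest_cidr" \
    --next-hop-type VirtualAppliance --next-hop-ip-address "$FGT_IP"
  run az network vnet subnet update -g "$RG" --vnet-name "$VNET" \
    -n "$attach_to" --route-table "$rt"
}

# Route table linked to Subnet-2: traffic to Subnet-1 goes via the FortiGate.
# Route table linked to Subnet-1: traffic to Subnet-2 goes via the FortiGate.
apply_both() {
  make_udr "rt-subnet2-to-subnet1" "$SUBNET1_CIDR" "$SUBNET2" &&
  make_udr "rt-subnet1-to-subnet2" "$SUBNET2_CIDR" "$SUBNET1"
}

# Run with "apply" to execute; DRY_RUN=1 ./script.sh apply prints the commands.
if [ "${1:-}" = "apply" ]; then apply_both; fi
```

The FortiGate's own subnet should not be associated with either table, and the appliance NIC still needs IP forwarding enabled for the forwarded traffic to pass.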