Re: ping check wan failover
Probably the easiest way is to use the built in Loadbalancer (wan-link-load-blanace WLLB).
Set some ping check for availability (in 5.4 or greater this can all be done in webinterface, not sure about older versions though).
You could set WLLB to do volume based balancing with 100% of traffic on wan1 and none on wan2. This will then route all traffic to the internet via wan1 except if the ping check reports wan1 down. In this very case WLLB will automatically use wan2 instead.
This works fine here on over 16 FortiGates.
It however will not affect VPN Tunnels. If you want VPN Fallback you will have to have redundant tunnels on each wans and at least priority based routing. This is how I do this here with our ipsec Tunnels. There es one for every lan from every FGT to our FGT and priority based routing for the subnets going over those.
If then one wan on one side is down that tunnel will drop and it will switch to the second route over the second tunnel within a second.