
Re: Internet through Central Office


You have the VPN set up using a proxy ID:

set security ipsec vpn IPSEC-VPN ike proxy-identity local 10.123.9.0/24
set security ipsec vpn IPSEC-VPN ike proxy-identity remote 10.123.3.0/24

As a result, the only traffic that will use the tunnel is that which matches this combination of source and destination address.

In order to send all internet traffic across the tunnel you need an open proxy ID, which is none on the SRX, setting up 0.0.0.0/0 to 0.0.0.0/0 as the allowed IP lists, permitting the sending of any traffic. You will need to see if Fortinet will support that configuration.

Then routing will need to change, using one of two options.

Option A

After the tunnel is set up to allow the traffic, you will need to set your default route to point to the tunnel interface instead of your ISP.

Then you will need a specific route to the ISP for the public gateway IP address of the other side of the tunnel so that this traffic will work correctly.

Option B

Put the tunnel interface and local LAN into a routing instance with a routing instance default route to the tunnel interface. This will push all client traffic from the devices up the tunnel.

The gateway and other setup remain in the root routing instance.
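
The two options described above, as a Junos set-command sketch (an added example, not part of the original post). The tunnel interface st0.0, LAN interface ge-0/0/1.0, ISP next hop 192.0.2.1, remote gateway 203.0.113.10 and instance name CLIENTS-VR are assumed placeholders; only the VPN name IPSEC-VPN comes from the post.

```junos
# Constructed sketch. Replace every placeholder with your own values:
#   st0.0         tunnel interface bound to IPSEC-VPN (assumed)
#   ge-0/0/1.0    local LAN interface (assumed)
#   192.0.2.1     ISP next hop (documentation address)
#   203.0.113.10  public gateway IP of the remote peer (documentation address)
#   CLIENTS-VR    routing-instance name (hypothetical)
# Zones, security policies and the Fortinet side are not shown.

# Open proxy ID: remove the explicit local/remote pair so the SRX
# negotiates 0.0.0.0/0 to 0.0.0.0/0. The peer must accept the same selector.
delete security ipsec vpn IPSEC-VPN ike proxy-identity

# --- Option A: default route into the tunnel ---
# Replace the existing default route so it points at the tunnel interface.
delete routing-options static route 0.0.0.0/0
set routing-options static route 0.0.0.0/0 next-hop st0.0
# Host route for the peer's public address via the ISP, so IKE/ESP packets
# to the peer do not follow the new default route into the tunnel itself.
set routing-options static route 203.0.113.10/32 next-hop 192.0.2.1

# --- Option B (instead of A): tunnel and LAN in their own routing instance ---
# The root instance keeps its default route to the ISP and the IKE gateway.
set routing-instances CLIENTS-VR instance-type virtual-router
set routing-instances CLIENTS-VR interface st0.0
set routing-instances CLIENTS-VR interface ge-0/0/1.0
set routing-instances CLIENTS-VR routing-options static route 0.0.0.0/0 next-hop st0.0
```

Apply only one of the two option blocks, then check the result with `show route 0.0.0.0/0` and `show security ipsec security-associations` before committing permanently (for example with `commit confirmed`).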

