In this example, two site to site VPN tunnels are configured with the following settings:

Tunnel1 with remote subnet (traffic-selector) = 172.16.20.0/24. 

Tunnel2 with remote subnet (traffic-selector) = 172.17.20.0/24. 

However, when sending traffic to 172.16.20.1, traffic is routed to Tunnel2 instead of Tunnel1. 

Example packet captures.

diagnose sniffer packet any 'host 172.16.20.1' 4 0 l
2026-01-02 13:28:46.840894 Tunnel2 out 172.16.10.1 -> 172.16.20.1: icmp: echo request
2026-01-02 13:28:47.841117 Tunnel2 out 172.16.10.1 -> 172.16.20.1: icmp: echo request

Routing table also pointed to Tunnel2. 

get router info routing-table details 172.16.20.1

Known via "static", distance 5, metric 0, best
* via Tunnel2 tunnel 192.168.30.3 vrf 0, tun_id

This issue happens because 172.16.20.1 is assigned to Remote IP of Tunnel2 interface under Network -> Interfaces -> Tunnel2, which conflicts with the remote subnet of Tunnel1.

Because that IP is assigned to Tunnel2 Remote IP as shown above, FortiGate creates a static route for 172.16.20.1/32 via Tunnel2 which take precedence over the 172.16.20.0/24 route via Tunnel1 because of longest-prefix-match. 

get router info routing-table all
S 172.16.20.0/24 [10/0] via Tunnel1 tunnel 192.168.20.3, [1/0]
S 172.16.20.1/32 [5/0] via Tunnel2 tunnel 192.168.30.3, [1/0]  
C 172.16.20.2/32 is directly connected, Tunnel2
S 172.17.20.0/24 [10/0] via Tunnel2 tunnel 192.168.30.3, [1/0]

To resolve this issue, assign different IP/subnet to Tunnel2 and ensure it does not overlap with any local or remote subnets. 

After changing the Remote IP of Tunnel2, traffic is routed to Tunnel1 correctly. 

diagnose sniffer packet any 'host 172.16.20.1' 4 0 l
2026-01-02 13:40:35.628562 Tunnel1 out 172.16.10.1 -> 172.16.20.1: icmp: echo request
2026-01-02 13:40:35.630178 Tunnel1 in 172.16.20.1 -> 172.16.10.1: icmp: echo reply
2026-01-02 13:40:36.628849 Tunnel1 out 172.16.10.1 -> 172.16.20.1: icmp: echo request
2026-01-02 13:40:36.629416 Tunnel1 in 172.16.20.1 -> 172.16.10.1: icmp: echo reply