FortiGate
Umer221
Staff
Article Id 278507
Description

This article describes how to troubleshoot the inability to ping a host reachable only through an IPsec tunnel.

Although the tunnel is established and initial traffic flows, ICMP pings to the destination host fail.

Scope: FortiGate, IPsec.
Solution

Check IPsec Tunnel Status: Open the FortiGate web interface and navigate to VPN -> IPsec Tunnels. Confirm that the IPsec tunnel is up.


Traffic Flow Check: Go to Dashboard -> IPsec Monitor. Follow the instructions in Technical Tip: IPsec VPN: Site-to-Site tunnel monitor to understand the IPsec Monitor output.


Activate Debugs: To monitor the ICMP traffic in real time, run the following commands (the filter restricts the trace to the destination host and to protocol 1, ICMP):


diagnose debug flow filter addr <destination IP address>
diagnose debug flow filter proto 1
diagnose debug flow trace start 100
diagnose debug enable


To stop the debugs and clear the filter when finished:

diagnose debug disable
diagnose debug reset


  • Execute a ping from the first site to the destination host (destination IP address) behind the second site.
  • Review the debug flow output and verify that the traffic is passing between both sites successfully.

Common errors are shown in the debug flow output below:


id=20085 trace_id=5 msg="reverse path check fail, drop" <- Refer to Technical Tip: Details about FortiOS RPF (Reverse Path Forwarding), also called Anti-Spoofing.


id=20085 trace_id=25 func=fw_forward_handler line=719 msg="Denied by forward policy check (policy 0)" <- Policy 0 is the implicit deny, so no firewall policy matched. Make sure a firewall policy exists between the internal interface and the IPsec tunnel interface that allows ICMP (ping) traffic.
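As an added example that is not part of the Fortinet article, the following Python script parses lines in the diagnose debug flow format shown above and maps the two drop messages to the check a practitioner should perform. The sample output is constructed for the example, not captured from a device.

```python
import re

# Constructed sample of "diagnose debug flow" output (not a real capture).
# It mirrors the key=value / msg="..." format of the lines quoted in the article.
SAMPLE_DEBUG_FLOW = """\
id=20085 trace_id=5 msg="reverse path check fail, drop"
id=20085 trace_id=25 func=fw_forward_handler line=719 msg="Denied by forward policy check (policy 0)"
id=20085 trace_id=26 func=fw_forward_handler line=719 msg="Allowed by Policy-7:"
"""

# key=value pairs; values are either a double-quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Drop messages from the article and the remediation to check for each.
DROP_HINTS = [
    (re.compile(r"reverse path check fail"),
     "RPF (anti-spoofing) drop: the route back to the source must point at "
     "the interface the packet arrived on (the IPsec interface for tunnel traffic)."),
    (re.compile(r"Denied by forward policy check \(policy 0\)"),
     "Implicit deny: no firewall policy matched; create a policy between the "
     "internal interface and the IPsec interface that allows ICMP."),
]


def parse_line(line):
    """Return the key=value fields of one debug flow line as a dict."""
    return {key: val.strip('"') for key, val in FIELD_RE.findall(line)}


def classify_drops(output):
    """Map each dropped trace_id to (message, remediation hint).

    Lines whose msg does not match a known drop reason are ignored.
    """
    drops = {}
    for line in output.splitlines():
        fields = parse_line(line)
        msg = fields.get("msg", "")
        for pattern, hint in DROP_HINTS:
            if pattern.search(msg):
                drops[fields.get("trace_id")] = (msg, hint)
    return drops


if __name__ == "__main__":
    for trace_id, (msg, hint) in classify_drops(SAMPLE_DEBUG_FLOW).items():
        print(f"trace_id={trace_id}: {msg}\n  -> {hint}")
```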