mle2802
Staff
Article Id 327864
Description: This article describes why traffic does not match a policy route that forwards traffic over an IPsec tunnel.
Scope: FortiGate.
Solution

A policy route is configured on the FortiGate to forward traffic over a site-to-site IPsec tunnel, but the traffic does not match it as expected.

[Screenshot: the configured policy route]

With this policy route in place, traffic from 10.0.0.5 to the Internet should be routed over the IPsec tunnel named 'dial'. However, the debug flow shows that the traffic is leaving via wan2:

 

2024-01-08 11:10:48 id=20085 trace_id=10 func=print_pkt_detail line=4368 msg="vd-root received a packet (proto=1, 10.0.0.50:53807->8.8.8.8:8) from interface. code=8, type=0, id=53807, seq=7811."
2024-01-08 11:10:48 id=20085 trace_id=10 func=init_ip_session_common line=4517 msg="allocate a new session-023deb7a"
2024-01-08 11:10:48 id=20085 trace_id=10 func=iprope_dnat_check line=4547 msg="in-[interface], out-[]"
2024-01-08 11:10:48 id=20085 trace_id=10 func=iprope_dnat_check line=4560 msg="result: skb_flags-00800000, vid-0, ret-no-match, act-accept, flag-00000000"
2024-01-08 11:10:48 id=20085 trace_id=10 func=vf_ip4_route_input line=1596 msg="find a route: flags=00000000 gw-x.x.x.x via wan2"

 

Verifying the policy route shows that no policy route is matched:

[Screenshot: policy route check showing no matching policy route]

This happens because the tunnel interface has no IP address assigned. Once an IP address is assigned to the tunnel interface and the gateway is set in the policy route, the traffic matches the policy route.

[Screenshot: policy route with the tunnel IP address and gateway configured]

[Screenshot: debug flow showing the traffic now matching the policy route]
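The fix described above, written out as a FortiOS CLI example. This is an added illustration, not configuration from the original article: the tunnel interface name 'dial' and the host 10.0.0.5 come from the article, while the tunnel addresses 10.255.255.1/10.255.255.2, the LAN interface name 'internal' and the policy route ID 1 are assumed placeholders that need to be replaced with the real values.

```fortios
# Added example (not from the original article). 'dial' and 10.0.0.5 are from
# the article; 10.255.255.1/10.255.255.2, 'internal' and policy ID 1 are
# assumed placeholders.

# 1. Give the IPsec tunnel interface an IP address. Without it, the policy
#    route has no usable next hop on 'dial', the policy route is not matched,
#    and the lookup falls back to the routing table (wan2 in the debug flow).
config system interface
    edit "dial"
        set ip 10.255.255.1 255.255.255.255
        set remote-ip 10.255.255.2 255.255.255.255
    next
end

# 2. Policy route: send the host's Internet-bound traffic over the tunnel,
#    with the gateway set to the tunnel's remote IP.
config router policy
    edit 1
        set input-device "internal"
        set src "10.0.0.5/255.255.255.255"
        set dst "0.0.0.0/0.0.0.0"
        set gateway 10.255.255.2
        set output-device "dial"
        set action permit
    next
end

# 3. Verify: list the policy routes, then re-run the debug flow and confirm
#    that the 'find a route' line now shows 'via dial' instead of 'via wan2'.
diagnose firewall proute list
diagnose debug flow filter saddr 10.0.0.5
diagnose debug flow filter daddr 8.8.8.8
diagnose debug flow trace start 10
diagnose debug enable
# ... generate traffic from 10.0.0.5 (for example a ping to 8.8.8.8), then:
diagnose debug disable
diagnose debug flow filter clear
```

The `diagnose firewall proute list` output is the quickest way to confirm the policy route now carries a gateway and output device; if the debug flow still reports `via wan2`, check that the tunnel is up and that the policy route's source and input interface actually match the traffic being tested.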