I have a 60D running 5.2.3. I have two WAN connections, one for all the VoIP and the other for all other data. The VoIP network moves all it traffic out the voice WAN and all other networks move data out the data WAN. If the voice WAN goes down then all the voice traffic is rerouted out the data WAN. When the voice WAN comes back up the traffic is rerouted back to the voice WAN. The same goes for the data WAN when it fails, it goes to the voice WAN then back to the data WAN when it comes back up. I have all this working as expected right now.
My problem is that when the WAN link is restored none of the failed over sessions are rerouted back to their proper interface until there is a new session created. This means that it is possible for traffic to be routed out the wrong interface for a long time. How do I get these fail over sessions to terminate and create new sessions going out the proper WAN interface when that WAN interface comes back up? I can do this with my Cisco router automatically, but I need to get this same behavior with the Fortigate.
First, it's not 60D if you can run 6.4.7. Must be either 60E or 60F.
We use multiple IPSec VPNs and set up BGP to failover traffic into the tunnel for many customers. They're not NATed. But we don't have any "session stuck" issues for those cases. My assumption was the "session stuck" happens only when NAT is involved.
I recommend you open a ticket at TAC to get it looked into.