Hi,

We are planning on rolling out a handful of Fortigates 90G - currently we have 3 setup in a non-production environment. We are receiving a TLS link between some sites and other sites will use ADVPN Hub\Spoke with SD-WAN and dual ISP. The VPN part is working fine and so I've removed those links for the time being. 

For the TLS we have 2VLANs on our hub FortiGate (200,300) setup under port3. 

Our PC connected to the main Fortigate can each all other Fortigates. The other PCs connected to the other Fortigate can reach the hub but cannot each the Fortigate at the other end. The reason looks like BGP is not interesting the route into the routing table. As it is the only path to the destination, I am not sure why and am clearly missing something. 

Willing to post any config that will help. Here are screen captures of what I'm referring to. The first one is the main Fortigate where the trunks for the TLS from our ISP will come in and the second one is the branch location. This is NOT using a VPN and is just a LAN link with routing.