I would like to connect branch 80F FortiGates to the main HQ using SD-WAN. Conditions that must be met:
1. Branch internet is routed back through the HQ FortiGate.
2. Access from the internet, like WAN management and SSL VPN on the branch, should be possible.
3. Other LAN subnets on the branch side should be accessible.
Now my concerns:
1. If I create IPsec tunnels between HQ and branch in tunnel mode, so that the remote branch subnet 126.96.36.199/24 has 0.0.0.0/0 as the destination in the IPsec selector, then I will not have access to other local subnets on the branch side because IPsec steals all traffic and pushes it to HQ.
2. If I create IPsec in interface mode, then I need to create a static route with destination 0.0.0.0/0 and the IPsec interface as gateway. In this scenario, any incoming connection from the internet, like remote web management or SSL VPN, will be pushed through the IPsec tunnel = no connection.
How could I resolve these issues?