Hi all,

I'm sorry for the basic question, but this is my first time with a Fortinet and I'm struggling with static routes and PBR over an IPsec tunnel.

First, my basic system is working. I have an inbound IPsec server for users to connect to the Fortigate remotely and browse the web securely and access LAN resources. I also have standard port forwarding to a variety of internal server resources. I am on a dynamic WAN IP and using a single WAN (WAN1).

I've established an IPsec tunnel to a remote network and it shows as up. I'm solely testing now, but I want to route traffic for a very small IP range or subnet within side my class-c address to route ALL traffic over that IPsec tunnel.

So I want all traffic to default from internal to WAN1. Except, I've carved out a small IP range 192.168.1.209/255.255.255.240 which gives me a range of 192.168.1.209 - 192.168.1.222 which I want to go over the IPsec tunnel. I've created that as an address space.

I created IPV4 policy rules to:

- Go from IPsec to WAN1

- Go from Internal to IPsec using source addresses of that range

I also have default Internal -> WAN ALL, I'm not sure how to prioritize or re-sort these policy rules.

I don't have a default static route visible and I don't know the priority, but I tried adding a static route to the IPsec tunnel and it would never appear in my route monitor. I then created a Policy Based Route from Internal to IPsec for that range, but none of this will move any traffic.

In my testing for simplicity, I was willing to try to send ALL internal traffic over IPsec and I couldn't even get that working. I'm sort of at a loss. I don't have a remote IP to ping on the other network as it is a security service system that acts as a transparent proxy and I don't know any clients to hit over there to test the tunnel more, but the tunnel shows as UP in VPN monitor.

Thanks, I've tried a lot of settings and couldn't get any traffic to seemingly register across that tunnel.