I've been told (but so far not been able to test fully) that the bug has been fixed in 5.4.5.
Well, to be accurate, our account management tech support said the devs have not been able to reproduce the bug in 5.4.5, so it sounds like the fix is a by-product of another bug fix.
As I said I haven't tested it yet so if you try it, let us know. Our 100Es on 5.4.4 are in production so I don't want to install 5.4.5 until it's been out for a little while longer and I can have some confidence that there aren't other issues. 5.4.5 seems fine on our development kit at the moment to be fair.
Bringing this old thread back up to report that the same issue has reappeared in 7.2.x. The same workaround works as well, i.e. disable npu-offloading on p1 ipsec. From our testing this affects the ingress ipsec tunnel interface. Tested in 7.2.5 and 7.2.6.