Hello, my FortiGate is a 60E, version 7.0.5. I started to get a cloud service and I will use the SAP program. The cloud system has a WatchGuard firewall. I'm doing IPsec Tunnel > Custom in the FortiGate interface; phase 1 is connected and phase 2 seems to be connected, but I can't ping the SAP servers.
The SAP server on the cloud side is pinging my side. My policy rules look good and the static route part is also correct, but I cannot access the SAP servers from the local network.
As I understand, the tunnel is up and you have an issue pinging from your local network towards the SAP servers on the remote end.
A sniffer would quickly help identify whether traffic is allowed from the local network towards the remote end through the VPN tunnel.
#diag sniffer packet any 'host <sap server IP address> and icmp' 4
Once traffic is confirmed to be sent through the tunnel, we should be able to check on the remote end whether the packets are received and whether policies are in place to allow this ICMP traffic towards the SAP servers. If so, you may also check whether the SAP servers have any endpoint protection/firewall which needs to allow ICMP traffic.
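An added example, not part of the original thread: a small Python script that reads verbosity-4 sniffer output like the command above produces and reports where the ping stops. The capture text, the interface names (`internal`, `to-sap`, `wan1`) and the IP addresses are constructed for illustration, and relative timestamps are assumed.

```python
import re

# Constructed sample of `diag sniffer packet any '<filter>' 4` output.
# Assumed names: LAN interface "internal", tunnel interface "to-sap";
# addresses are made up for illustration.
SAMPLE = """\
interfaces=[any]
filters=[host 10.50.0.10 and icmp]
3.101234 internal in 192.168.10.20 -> 10.50.0.10: icmp: echo request
3.101410 to-sap out 192.168.10.20 -> 10.50.0.10: icmp: echo request
4.102001 internal in 192.168.10.20 -> 10.50.0.10: icmp: echo request
4.102188 to-sap out 192.168.10.20 -> 10.50.0.10: icmp: echo request
"""

# <relative timestamp> <interface> <in|out> <src> -> <dst>: icmp: echo <kind>
LINE = re.compile(
    r"^\d+\.\d+\s+(?P<ifc>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>[\d.]+)\s+->\s+(?P<dst>[\d.]+):\s+icmp:\s+echo\s+(?P<kind>request|reply)"
)

def diagnose(capture, sap_ip, tunnel_ifc):
    """Return a short verdict on where the ping towards sap_ip stops."""
    seen = set()  # (kind, interface, direction) for packets to/from the SAP server
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # header lines and unrelated traffic
        if m["kind"] == "request" and m["dst"] == sap_ip:
            seen.add(("request", m["ifc"], m["dir"]))
        elif m["kind"] == "reply" and m["src"] == sap_ip:
            seen.add(("reply", m["ifc"], m["dir"]))
    if not any(k == "request" and d == "in" for k, _, d in seen):
        return "NO_REQUEST"      # nothing reaches the FortiGate from the LAN host
    egress = {i for k, i, d in seen if k == "request" and d == "out"}
    if not egress:
        return "NOT_FORWARDED"   # arrives but never leaves: check policy and route
    if tunnel_ifc not in egress:
        return "WRONG_EGRESS"    # leaves another interface: check the static route
    if ("reply", tunnel_ifc, "in") not in seen:
        return "NO_REPLY"        # sent into the tunnel, nothing back: check remote end
    return "OK"

if __name__ == "__main__":
    print(diagnose(SAMPLE, "10.50.0.10", "to-sap"))
```

A `NO_REPLY` verdict matches the situation described in the reply: the FortiGate forwards the request into the tunnel, so the next place to look is the remote firewall's policies and the SAP hosts' own firewall.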