Hello everyone, I have a question. Thank you. My FortiGate 401F is used as the data center egress firewall, establishing IPSEC tunnels with firewalls at various branch sites. The headquarters has a fixed public IP address, while the branches do not. The branches access the Internet via PPPoE dial-up.
Current Version: V6.4.13 build5455 (GA)
Target Version: v7.2.10.M-build1706
Mode: NAT
Device Model: FortiGate 401F
Upgrade Path
First Upgrade
from:FGT_401F-v6.4.13.M-build5455-FORTINET
to:FGT_401F-v7.0.12.M-build0523-FORTINET
Second Upgrade
from:FGT_401F-v7.0.12.M-build0523-FORTINET
to:FGT_401F-v7.0.14.M-build0601-FORTINET
Third Upgrade
from:FGT_401F-v6.4.13.M-build5455-FORTINET
to:FGT_401F-v7.0.12.M-build0523-FORTINET 1F-v7.0.14.M-build0601-FORTINET
to:FGT_401F-v7.2.10.M-build1706-FORTINET
After upgrading FortiGate to v7.2.10, one branch site experienced network anomalies (network communication at other sites was normal). The branch site's IPSEC tunnel was established normally, but the branch's private network address could not communicate with the headquarters' private network address. Comparing the FortiGate configurations before and after the upgrade revealed no changes. I disabled the static routes to the branch site in the headquarters' FortiGate's static routing options (these static routes have a destination address for the branch site's network segment and a next hop of the IPSEC interface). Network communication between the headquarters and the branch site resumed normally. What causes this problem? Is there something specific to v7.2.10? Why do I need to disable these static routes to restore normal network communication between the headquarters and the branch site? Why are these static routes active in V6.4.13, but communication between the branch site and the headquarters site is normal?
Hi Aaron
The upgrade path is correct.
Try checking the routing table in both situations (with and without the static routes) by running the following command, and compare whether there is any difference.
get router info routing-table all
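The comparison suggested in the reply above can be done per destination prefix instead of by eye. The following is an added example, not part of the original thread: it takes two saved captures of the command output and reports which route entries differ. The sample captures, tunnel names (`branch1`, `branch2`) and addresses are constructed for illustration and are not from the poster's device.

```python
import re
from collections import defaultdict

# IPv4 destination prefix such as 10.20.0.0/16
PREFIX = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\b")

def parse_routes(text):
    """Map each destination prefix to the set of (code, detail) entries listed for it."""
    routes = defaultdict(set)
    current = code = None
    for line in text.splitlines():
        m = PREFIX.search(line)
        if m:
            current = m.group(1)
            code = line[:m.start()].strip()        # route code column, e.g. "S", "C", "S*"
            routes[current].add((code, line[m.end():].strip()))
        elif current and line.strip().startswith("["):
            # Continuation line: an additional next hop for the previous prefix.
            routes[current].add((code, line.strip()))
        # Header and legend lines carry no prefix and are skipped.
    return dict(routes)

def diff_routes(before, after):
    """Return {prefix: {"removed": [...], "added": [...]}} for prefixes whose entries differ."""
    changes = {}
    for prefix in sorted(set(before) | set(after)):
        b, a = before.get(prefix, set()), after.get(prefix, set())
        if b != a:
            changes[prefix] = {"removed": sorted(b - a), "added": sorted(a - b)}
    return changes

# Constructed captures: routing table with and without the static routes enabled.
WITH_STATIC = """\
Routing table for VRF=0
S*      0.0.0.0/0 [10/0] via 198.51.100.1, port1
C       10.0.0.0/24 is directly connected, port2
S       10.20.0.0/16 [10/0] via branch1 tunnel 203.0.113.10, [1/0]
                     [10/0] via branch2 tunnel 203.0.113.20, [1/0]
"""
WITHOUT_STATIC = """\
Routing table for VRF=0
S*      0.0.0.0/0 [10/0] via 198.51.100.1, port1
C       10.0.0.0/24 is directly connected, port2
S       10.20.0.0/16 [10/0] via branch1 tunnel 203.0.113.10, [1/0]
"""

if __name__ == "__main__":
    for prefix, change in diff_routes(parse_routes(WITH_STATIC), parse_routes(WITHOUT_STATIC)).items():
        print(prefix, change)
```

Entries for dynamic routes may include an uptime field, which will show up as a difference between any two captures.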
Copyright 2025 Fortinet, Inc. All Rights Reserved.