We have a Fortigate VM in Azure (6.4.10) which is supposed to have about six (6) IPSec tunnels to ZScaler.
The reason for that many tunnels: Each tunnel is supposed to only offer 400 Mbit/s (we tested 1 Gbit/s, but it's still not enough).
This is why I wanted to configure six (or so) IPSec tunnels, then put them in one SD-WAN zone, use a single performance SLA and then use an SD-WAN rule to the ZScaler entry point (e.g. 126.96.36.199) with "Maximize Bandwidth". The hope was it will use all the IPSec tunnels.
However, I am failing at the routing (static route).
When configuring a single static route to 188.8.131.52 using one single tunnel, I can see the routing entry in the routing table - and it works.
However, using the SD-WAN zone as the interface in the static route results in NO entry in the routing table. None whatsoever.
As far as I understand this is because my IPSec tunnels to ZScaler don't have any IP addresses allocated in the "system interface" part (no local ip or remote ip). According to my information ZScaler does not provide that.
Am I the only one failing at this part? Is there no solution for connecting the Azure clients via Fortigate VM to ZScaler IPSec and SD-WAN?
Thanks for your help