Hi,
and welcome to the forums.
ECMP and DGD have different functions and are not alternatives. Rather, DGD enhances link failure detection which ECMP uses to change the routing.
Without using DGD, the FGT would only detect a line failure via the link status. So only in case the next connected device would fail it would tear the WAN port down. With DGD, the FGT actively sends out hello packets to a target host nearby (which you'd configure) to test if the link really carries traffic.
What happens if the link is determined 'down' is that the route via this port is deleted from the routing table so that no further traffic is routed into Nirvana.
ECMP is a special condition of the routing setup, namely if 2 routes with the same distance and priority are configured. The FGT decides which way to use (usually in a round-robin fashion) for outgoing traffic. If one route is deleted it seamlessly switches over to using just the remaining route.
In your case you'd set up the VPN link as usual, make it permanent (i.e. auto-negotiating) and create a route for it. This route then has to have a higher cost or priority so that it's not used if the MPLS link is up. Needless to say that the VPN needs to be set up in interface-based (route-based) mode for this.
You need either 2 sets of identical policies for each WAN line or put both WAN ports into a zone and have only 1 set of policies to that zone.
One more idea: you should set up your routes in such a way that in case of the MPLS failing all traffic is routed across the VPN, and from the remote side into the internet. Otherwise, you'd lose internet access but keep the site-to-site link.
Close study of the FortiOS Handbook with many examples is recommended.
Ede
"Kernel panic: Aiee, killing interrupt handler!"
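
The failover logic described in the reply above, as an added example that is not part of the original post and is not FortiOS code: a simplified Python model in which a failed DGD probe removes an interface's routes, the lowest distance/priority route wins, and equal routes are used round-robin (ECMP). The class and function names, interface names and distance/priority values are constructed assumptions.

```python
from dataclasses import dataclass
from itertools import count

@dataclass(frozen=True)
class Route:
    dst: str       # destination label (constructed)
    device: str    # egress interface
    distance: int  # lower value wins
    priority: int  # tie-breaker among equal distance, lower value wins

class Router:
    """Simplified model, not FortiOS behaviour in every detail."""
    def __init__(self, routes):
        self.configured = list(routes)
        self.down = set()   # interfaces whose DGD probe failed
        self._rr = count()  # round-robin counter for ECMP

    def probe_result(self, device, reachable):
        # A failed probe marks the link dead even if link status is still up.
        if reachable:
            self.down.discard(device)
        else:
            self.down.add(device)

    def best(self, dst):
        # Routes via dead links are removed from the table before selection.
        live = [r for r in self.configured
                if r.dst == dst and r.device not in self.down]
        if not live:
            return []
        key = min((r.distance, r.priority) for r in live)
        return [r for r in live if (r.distance, r.priority) == key]

    def next_hop(self, dst):
        cands = self.best(dst)  # more than one candidate means ECMP
        return cands[next(self._rr) % len(cands)].device if cands else None

def demo():
    r = Router([  # constructed sample: MPLS primary, VPN backup
        Route("remote-site", "mpls", 10, 0),
        Route("remote-site", "vpn", 10, 10),
        Route("default", "mpls", 10, 0),
        Route("default", "vpn", 10, 10),
    ])
    before = r.next_hop("remote-site")
    r.probe_result("mpls", False)  # DGD target stops answering
    return before, r.next_hop("remote-site"), r.next_hop("default")

if __name__ == "__main__":
    print(demo())
```

Because the backup VPN route also exists for the default destination, internet traffic follows the site-to-site traffic onto the VPN when the MPLS probe fails.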