Route is selected but does not actually pass traffic (hit count increments). Both sides configured with opposite IP on the tunnel, can ping the IP of the local tunnel assigned address but not remote. Tried also just configuring only the branch side of the private IP, but that also doesn't work.
Tunnel is up and working.
Policies are in place and working (tested using a Juniper firewall, which does not require the IP to be assigned to the interface for policy-based routing; traffic flows as expected on that equipment).
Anyone have this working? What did you do or what does the configuration look like on both sides?
Not a distance, which is a different metric. Leave the default value (10?) for distance on both. You might need to expand "Advanced Options" in the GUI to see the Priority setting. I regularly use the CLI, so I'm not familiar with how it would look.
Right, made those changes, but the traffic still does not pass. It selects the policy fine for routing, but the traffic never hits the permit rule nor the remote site. The firewall rule shows a hit for traffic from the policy-selected IP hitting the rule to permit the traffic outbound to the VPN interface, but no traffic passes back, even though on another firewall at the branch end (the Juniper) it does...
I'm going to open a TAC case but if you have any other suggestions I'd appreciate them.