First, almost no one uses Policy Based VPNs anymore. If you happen to know Check Point firewalls, then Policy Based VPN is like Traditional Mode VPN in Check Point: it still exists, but it is a legacy feature.
The main difference is that a Policy Based VPN uses Security Rules to determine where to send the encrypted packet and what traffic to encrypt. A Route Based VPN uses routes to decide where to send the traffic, and Security Rules for, well, security decisions: what to allow and what not to. So, with a Route Based VPN you have to create tunnels specifying all IPsec-related settings, add routes for the remote networks, and create Security Rules to allow the traffic. It is simpler to configure/maintain/debug, and you can run dynamic routing protocols over the tunnels as if they were regular interfaces, which you cannot do with Policy Based VPNs.
With route-based VPNs, a policy does not specifically reference a VPN tunnel.
The number of route-based VPN tunnels that you create is limited by the number of route entries or the number of virtual interfaces that the device supports, whichever number is lower.
Route-based VPNs support NAT for virtual interfaces.
Route-based configurations are used for hub-and-spoke topologies.
With a route-based approach to VPNs, the regulation of traffic is not coupled to the means of its delivery. You can configure dozens of policies to regulate traffic flowing through a single VPN tunnel between two sites, and only one IPsec SA is at work. Also, a route-based VPN configuration allows you to create policies referencing a destination reached through a VPN tunnel in which the action is deny.
Route-based VPNs support the exchange of dynamic routing information through VPN tunnels. You can enable an instance of a dynamic routing protocol, such as OSPF, on a virtual interface that is bound to a VPN tunnel.
With policy-based VPN tunnels, a tunnel is treated as an object that, together with source, destination, application, and action, constitutes a tunnel policy that permits VPN traffic.
The number of policy-based VPN tunnels that you can create is limited by the number of policies that the device supports.
Policy-based VPNs cannot be used if NAT is required for tunneled traffic.
Policy-based VPNs cannot be used for hub-and-spoke topologies.
In a policy-based VPN configuration, the action must be allow and must include a tunnel.
The exchange of dynamic routing information is not supported in policy-based VPNs.