I am not able to bring the tunnel up yet so have tested using route lookup and policy lookup to make sure everything is in place for when tunnel is up. Route lookup hits the blackhole so no use. Policy lookup says no route (which is technically true given it all blackholes). I can't understand why the route blackholes though when there is a lower distance route available.
I am sure I am missing something really obvious as I've not done this for a long time. I've checked against other sites with same setup and can't see what I have done wrong, but I am going blind to the setups now a I have stared at them so much.
I just used the "policy lookup" and "route lookup" in the GUI. Simple, but usually matches a route/policy if things work even when the interfaces are down. Doesn't test but does tell me if there is a route or policy out, and in this case it matches the blackhole route and not the actual route.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.