Imagine you are the router/FGT. Now you see traffic to e.g. 192.168.1.4 from both
the LAN port and the tunnel interface. Now, where do you send the reply traffic to??
It doesn' t matter if the tunnel client is software or another FGT, the receiving FGT cannot see any difference in the traffic.
"Kernel panic: Aiee, killing interrupt handler!"