I have set up an IPsec VPN to Azure VWAN based on the Fortinet Cookbook article.
Cookbook | FortiGate / FortiOS 6.2.11 | Fortinet Documentation Library
It is working, and BGP is advertising routes from the Internal LAN to Azure and vice versa.
My problem is that, when connecting to the FortiGate using the SSL VPN, I cannot use services hosted in Azure. Azure does not have a route back to my VPN IP range. I assume this is because the VPN pool is not considered an Internal Network.
I think the way to solve this is to create a new VLAN on the LAN side (which will be advertised via BGP) and use NAT from the VPN Pool to the LAN network.
Is this the correct approach to solve this problem? If so, could someone point me in the correct direction as to how to do this?