I am completely new to FortiGate. We did a dry run a few weeks ago and for the most part routing seems to be working when I swapped the two 60Ds in place of the current pair of ASAs. What I did not have in place was the VPN tunnels, which I'm aiming to do this weekend. So that I don't get stuck on the insane hold times with support, I was curious if anyone has any hints on making sure I nail this the first-ish time. I'm not finding much help in the documentation or cookbook.
The 60Ds are replacing a pair of Cisco ASAs, and I have the configuration converted via the Fortinet tool, so most of the commands/configs are there and ready for me to parse through, though this is not perfect given that it's an automated tool. If I'm understanding things correctly, the best way for me to tackle this is with policy-based VPN. Creating Interface Zones or tying the VPN configuration to interfaces was becoming problematic for my environment.
After creating two custom VPN tunnels, they now show up as Interfaces. In Phase 2 for both configurations I left the network segments and subnet masks at all zeros. My thinking is I'll use policies to then permit the specific traffic to and from as required.
Also, are VLANs capable of communicating with each other by default, or do I need to place a policy for such communication?
Thank you for any help anyone can give.