We are facing the similar kind of an issue where we are able to reach from PC behind a Site A firewall to PC2 behind Site B Firewall. The MAC ARP response is properly received from one way.
However, if we ping from PC2 to PC1 then ARP reply what is MAC of PC1 is received by Site A firewall but Site A firewall is not putting it in VXLAN tunnel. Can any one help that in which case why the Firewall is not putting the MAC response in VXLAN tunnel.
We have managed to resolve the issue by setting the load balancing on port group to "Route based on physical NIC based". To set the configuration, select the port group then Teaming and Failover ---> here set the load balancing to "Route based on physical NIC based".
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.