It might be better if you post your (sanitized) configs here for both
the FG and 2900 side. I have both interface mode and policy based
tunnels between 2911s and FGs all over the place, as well as ASAs,
Sonicwalls, etc. I'm sure we can point you...
You can route /32s into VDOMs from an 'Outside' VDOM (or use root). I
do this in some situations. It's a bit more complicated/annoying to
deal with but it has its advantages. I will say, using anything but
root for your 'outside' VDOM is going...
You could also assign the current 'LAN' public IP subnet as a secondary
IP subnet on the FortiGate WAN. You can then use these IPs in VIPs/NAT
IP Pools, etc. for services that may be in your LAN or DMZ/etc.