Hello Fortinet community,

I have set up an IPsec connection from FortiGate to AWS, and I'm currently facing a challenge with enabling internet access for my AWS EC2 instances through the IPsec tunnel. Here's a brief overview of my setup:

• AWS VPC: I have a private subnet containing various services, including EC2 instances.
• FortiGate: I have two networks - a DMZ network and an internal network. Both can communicate with the EC2 instances without any issues.

However, I want to allow the following path for my EC2 instances:

EC2 ===> FortiGate 1 ===> Internet

To achieve this, I've configured the AWS route table to have a route with destination 0.0.0.0/0 pointing to the virtual private gateway (VGW) to handle internet-bound traffic.

On the FortiGate side, I've implemented two policies. The first policy allows traffic from the WAN to AWS IPsec, and the second policy allows traffic from AWS IPsec to the WAN.

Despite these configurations, the setup isn't functioning as expected. When capturing traffic on the FortiGate, I see the following result for a ping request:

1 0.000000 192.168.16.44 8.8.8.8 ICMP 60 Echo (ping) request id=0x0001, seq=51820/27850, ttl=128 (no response found!)

This suggests that the ping request from 192.168.16.44 (presumably one of the EC2 instances) to 8.8.8.8 (Google's DNS server) did not receive a response.

I'd greatly appreciate any guidance, suggestions, or troubleshooting steps to resolve this issue and enable internet access for my AWS EC2 instances via the FortiGate IPsec connection.

Thank you for your time and assistance!