fortigate registration over ipsec VPN
I have installed a new FortiGate 60E (FortiOS 5.6.4) as a branch office FW. All the traffic (0.0.0.0/0) is routed through a VPN to our HQ. I'm using the wan1 interface and I also have policies to allow the internal IP (belonging to HW SW interface) to internet and our internal net. The weird thing here is that all the hosts connected to internal interface function properly, but the internal fortigate interface itself do not work properly. I can connected for management but I can not ping, nslookup, internet access, etc for traffic generated on that interface. I can not add the FortiCare Support. I'm trying to create a specific static routes and add A DNS entry (220.127.116.11) to allow access just for FortiCare Refgistration.
My thought is the FortiGate is using the WAN interface as a source IP for all this connections, instead of the internal, and this IP is not allowed in the VPN tunnel. What do you recommend guys to allow this access? includes the wan IP on the VPN tunnel ?