Re: How to setting manage all internet access through HQ site
Two steps on each branch FGT (FAC1-4):
1- set a static route to the public IP of HQ pointing to the WAN port ("wan1", gateway=ISP router). Use a host route, for example "126.96.36.199/32".
2- set the static default route "0.0.0.0/0" pointing to the tunnel interface (no gateway), not to WAN anymore.
The first route will ensure that the branch FGT can establish the VPN tunnel. The second route directs all traffic to the HQ FGT.
On the HQ FGT:
3- create one or more policies to allow branch traffic to the internet (tunnel to WAN, subnet_FAC1 to all). Enable NAT on these!
Ede "Kernel panic: Aiee, killing interrupt handler!"
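The three steps above written out as FortiOS CLI, as an added example that is not part of the original post. The tunnel interface names ("to_HQ", "to_FAC1"), the ISP gateway 192.0.2.1, the route IDs and the policy name are assumptions; "subnet_FAC1" is assumed to already exist as an address object on the HQ unit.

```fortios
# --- On each branch FGT (shown for FAC1) ---
config router static
    # Step 1: host route to the HQ public IP via the ISP router,
    # so IKE/ESP to HQ never follows the default route into the tunnel.
    edit 1
        set dst 126.96.36.199 255.255.255.255
        set gateway 192.0.2.1
        set device "wan1"
    next
    # Step 2: default route into the tunnel interface, no gateway.
    edit 2
        set dst 0.0.0.0 0.0.0.0
        set device "to_HQ"
    next
end

# --- On the HQ FGT ---
config firewall policy
    # Step 3: branch subnet out to the internet, with NAT enabled.
    # Repeat per branch tunnel (FAC2-4).
    edit 0
        set name "FAC1-to-internet"
        set srcintf "to_FAC1"
        set dstintf "wan1"
        set srcaddr "subnet_FAC1"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

On the branch, `get router info routing-table all` should show the /32 to HQ on wan1 and the default route on the tunnel interface once the tunnel is up.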