Both networks can reach each other just fine. I already have clients at the remote office using drive mappings on the file servers at the main office. I am also able to RDP into clients on the remote office network from the head office.
The problem is that everything has to be done with IPs.
Without AD DNS, I'm going to have problems if I start deploying AD windows desktops at the remote offices.
I'm using this document as a reference for setting this up: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/960561/fortigate-dns-server
Also, I have the AD DNS server configured to allow zone transfers.
I have a FortiGate 60E on the head office network and it's working fine looking up the AD DNS server using this config. I just can't get the branch office working, and it appears that the FGT at the branch office can't reach the main office network.
Perhaps I need to create a static route or a policy route for the FGT ip to the tunnel?
It is a good question about what IP the FGT uses when it tries to do the DNS lookup. I would assume it would use the IP on the LAN network, but as I think of it, the system DNS lookup goes to the WAN DNS server.
However, this is the same config on the FGT on the head office network and it looks up without issue. But then the IP it is looking up to is on a locally attached network.
In any case, you can't ping any of the branch office FGTs from the main office FGT. Devices within each of the networks can reach each other; it's just the gateways that can't reach each other across the tunnel.
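The two things the post suspects (no route for FGT-originated traffic into the tunnel, and the lookup sourced from the WAN address) can be checked and pinned down from the FortiOS CLI. This is an added illustration, not the poster's config or anything from the Fortinet cookbook; the addresses, the tunnel name "to-headoffice" and the interface name port2 are assumed placeholders.

```text
# Assumed lab values (not from the post):
#   head office LAN      10.10.0.0/24, AD DNS server 10.10.0.10
#   branch FGT LAN IP    10.20.0.1 on port2
#   IPsec phase1 name    to-headoffice

# 1. Does the branch FGT itself have a path into the tunnel for the head office LAN?
#    Self-originated traffic (DNS, ping) only follows the routing table, never a policy.
get router info routing-table details 10.10.0.10

# 2. If no tunnel route is listed, add a static route pointing at the phase1 interface.
config router static
    edit 0
        set dst 10.10.0.0 255.255.255.0
        set device "to-headoffice"
    next
end

# 3. Reproduce the lookup's path: ping the AD DNS server from the LAN address,
#    which is the source the tunnel selectors and head-office policies expect.
execute ping-options source 10.10.0.1
execute ping 10.10.0.10

# 4. Make the FGT's own DNS queries use that LAN address instead of the WAN one.
config system dns
    set primary 10.10.0.10
    set source-ip 10.10.0.1
end
```

If step 3 fails with the route in place, the remaining suspects are the phase2 selectors (they must cover 10.20.0.1, not just the client subnet) and the head-office policy from the tunnel interface to the LAN.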