Re: Security Fabric - No response from upstream Fortigate
Actually, I did a sniffing analysis and discovered that my branch FG was sending the packets with the WAN IP address as the source-addr. I added this address to my phase 2 configuration and it didn't succeed.
It only worked when I configured IP addresses on the IPSec interface on both sides, in a lab environment. It seems that yes, it is mandatory. This is a sad thing, because we do not use addresses on our IPSec interfaces normally, as it is not needed for traffic to flow.
Fortinet could handle this by giving an option to change the source address, as we have, for example, for LDAP or RADIUS servers.