Re: Traffic takes wrong route - cache?
When the default route was used instead of the most specific routes, are you sure that your VPN tunnels were up? If this is not the case, then you can use "blackhole" routes with a higher distance than the VPN to prevent the traffic from going through the default route when the VPN is not up.
Moreover, there are three commands to troubleshoot the routing on the FortiGate:
* get router info routing-table all (see the routing table, with IPSec, dynamic protocols, ...)
* get router info kernel (or diag ip route list) are the two commands to show the kernel routing table.
* diagnose ip rtcache list (display the route cache).
If you need more help, please share the output of the three commands.
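
The blackhole-route suggestion above, as an added configuration example that is not part of the original post. The subnet 10.10.0.0/16, the tunnel name "vpn-to-branch", the entry numbers and the distance values are constructed placeholders. While the tunnel is up, its route (distance 10) is the one installed. When the tunnel goes down, that route is withdrawn and the blackhole (distance 254) becomes the most specific match, so traffic for the remote subnet is dropped instead of leaving unencrypted via the default route.

```text
# Constructed example: all names, addresses and distances are placeholders
config router static
    edit 10
        set dst 10.10.0.0 255.255.0.0
        set device "vpn-to-branch"
        set distance 10
        set comment "remote subnet via IPsec tunnel"
    next
    edit 11
        set dst 10.10.0.0 255.255.0.0
        set blackhole enable
        set distance 254
        set comment "fallback: drop when tunnel is down"
    next
end
```

With the tunnel up, `get router info routing-table all` should list only the tunnel route for the subnet; the blackhole entry appears in the active table only once the tunnel route has been withdrawn.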