I have this scenario:

Customer has a Fortigate firewall at the DC end while CP is at HO (R80.40). The Mgmt server (R81) is in the DC behind the FG, let's say 10.10.11.10, while the network behind CP is 10.30.20.0/24.

Now we have a tunnel built between DC-FG and HO-CP. Everything works fine, except the customer wanted to connect to SmartConsole from the HO network, i.e. 10.30.20.0/24. Since it's a tunnel, I initially thought it should take the ACL and should not be an issue, but while investigating I found that the connection is going through the Implied rule, since it's a control connection and is not matching the VPN tunnel rule.

Later I decided to bypass ports 18190 and 19009 and route them through the Internet; however, I believe that due to the Peer and S2S VPN even this is not working.

Any clue, or has anyone ever faced this issue before?