Hi EL,
yes you're right the SA status is active, but the tunnel is down if wee see in tunnel monitoring.
yes i enabled monitoring on phase 2. why have to disable it?
if i see in the log there are traffics hit policy but i think cannot pass through the ssg to outside, because if see in log policy the traffics from source to destination is close response... there are no byte sent.
actually what is the meaning of SA active but Link is down? when SA is active its suppose to be the tunnel is connected right?
for info: after SA is active, but Link is down see in monitoring tunnel in ssg, i just can ping to the fortinet public interface from client pc behind ssg but cannot to client pc behind fortinet.
actually what do you think about my configuration if you see the logs i sent to you before.. does the tunnel connected right?
do you have a guide to configure site to site VPN between ssg and fortinet? because maybe something wrong or less in my configuration, so i need some documentation to make sure its right.
I need more input from you...
Thanks a lot.
Andre