BGP sessions over dual VPN IPsec tunnels only work on Instance0, Instance1 stays in connecting status, resulting in lost packets
Standard dual-path VPN from Virtual WAN hub to single virtual FortiGate with two public IPs in AWS, using BGP routing.
The Azure side shows only half of the BGP paths connected (the ones related to Instance0 via both VPN tunnels), while the virtual FortiGate in AWS shows all paths connected, but only half of them receiving routing adverts.
As a result, connections utilizing Instance1 paths are losing packets. Instance0 connections seem to flap often as well.
On working paths, routes are propagated correctly both ways. Seems like we're missing something obvious on either the Azure or the FortiGate side. Has anyone observed something similar?