A loopback interface must be defined on the hub FortiGate to be used as a common probe point for the FortiGates that are using SD-WAN. The FortiGates send a probe packet from each of their SD-WAN member interfaces so that they can determine the best route according to their policies. Ping is allowed so that it can be used for measurements.
To configure the loopback interface on the hub FortiGate:
config system interface edit "loopback_0" set vdom "root" set ip 10.255.255.1 255.255.255.255 set allowaccess ping set type loopback next end