I may expect, but try this:
When a tunnel drops, its route is dropped as well, along with all affected sessions. Consequently, the outgoing traffic to the remote private network is sent out along the default route, usually through the WAN interface.
But the FortiGate will establish a session for it, as there is a valid policy from LAN to WAN, destination ALL. Now when the tunnel comes back up, there is already a current session which has to time out first before a new session through the tunnel can be established. This causes a major delay in the data flow.
Maybe FIX:
Create blackhole routes for traffic to RFC 1918 subnets, that is, 192.168.0.0/24, 172.16.0.0/12, 10.0.0.0/8, among others. These routes need to have a distance of 254 (not 255!) in order to kick in when there is no better route available. The route will be used when the tunnel goes down and traffic will be discarded; NO session is established.
When the tunnel comes up again, a new session can be built right away, without any delay.
Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
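The blackhole-route fix described in the post, written out as FortiOS CLI configuration. This is an added example, not configuration from the post's author; it assumes a FortiGate with the three RFC 1918 blocks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) as the only private destinations that are ever reached through tunnels, and the `edit 0` lines let FortiOS assign the next free route sequence number.

```fortios
# Added example (not the post's own config): blackhole the RFC 1918 blocks
# with distance 254 so they lose to any live tunnel route but beat the
# default route when a tunnel is down. Matching traffic is dropped before a
# LAN->WAN session can be created, so the tunnel route is used the moment
# the tunnel comes back.
config router static
    edit 0
        set dst 10.0.0.0 255.0.0.0
        set blackhole enable
        set distance 254
        set comment "RFC1918 blackhole - drop when tunnel is down"
    next
    edit 0
        set dst 172.16.0.0 255.240.0.0
        set blackhole enable
        set distance 254
        set comment "RFC1918 blackhole - drop when tunnel is down"
    next
    edit 0
        set dst 192.168.0.0 255.255.0.0
        set blackhole enable
        set distance 254
        set comment "RFC1918 blackhole - drop when tunnel is down"
    next
end

# Verification: with the tunnel up, the tunnel's more specific (or lower
# distance) route is active; with it down, the blackhole entry shows as the
# installed route for the prefix.
get router info routing-table all
```

Check the routing table both with the tunnel up and after bringing it down: the remote subnet should resolve to the tunnel interface in the first case and to the blackhole entry in the second, never to the WAN default route. If the remote site uses the same prefix as one of the blackhole entries, the tunnel's own static route must keep a distance lower than 254 for the tie-break to favour it.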