Unless somebody implemented Heartbeats on this Fortigate it won't work as the tunnel will not be active without proper heartbeats arriving at the PoP.

I actually have a Tunnel running over a PPPoE Link (that gets a new IP daily). The only thing is that you need to run something on your LAN that does the Heartbeat (like a Unix stattion that runs that daemon). In essence you can follow the example on http://www.sixxs.net/wiki/Fortigate Some notes though: - I am using a current FortiOS 4.2 (Patch1) - in additon to the example i needed to specify the "carrier" Interface (off this, PPPoE runs && SIT Tunnel runs). After creating the "SIT Interface" change this Interface and add the underlying PHY. - If you use PPPoE and get Dynamic IPs assigned, you cannot specify a SRC-IP for yout SIT-Tunnel. So i have it on 0.0.0.0 config system sit-tunnel - I will push to get Heartbeat integrated into FortiOS, so that no external "Hearbeat Client" is needed. Earliest for this would be FortiOS 4.3 though.