I have encountered situations where a customer needs to route all traffic, including Internet-bound traffic, from a branch location back to a main location to ensure consistent security policies, content filtering, or some other requirement.
In this scenario, assume the branch location has a firewall with its own ISP connection. Normally, the firewall has a default route that points to the ISP gateway, so all Internet traffic leaves directly via the ISP. When you add a site-to-site VPN tunnel on a firewall that uses route-based VPNs and want to send all traffic across that tunnel, you change the default route so that it points to the tunnel interface instead of the ISP gateway. Fortinet and Palo Alto Networks firewalls are examples of platforms that use route-based VPNs, so this applies to them.
Because the default route now points at the site-to-site VPN, it is critical to also add a specific host route (a /32) for the VPN peer's public IP with the ISP gateway as the next hop. Without it, the only route that matches the peer address is the default route, so the IKE and ESP packets used to build the tunnel would be sent into the tunnel itself and the VPN could never come up. The host route is more specific than the default route, so it wins the longest-prefix match and the peer stays reachable over the ISP while everything else goes through the tunnel.
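The following is an added example, not part of the original post or of any vendor's code. It models the branch firewall's static routing table with a small longest-prefix-match lookup in Python and checks whether traffic to the VPN peer would be routed into the tunnel itself (recursive routing). The addresses (RFC 5737 documentation ranges), the interface names `wan1` and `vpn-to-hq`, and the helper names are all hypothetical.

```python
"""Model of a branch firewall's static routes, showing why a /32 host route to the
VPN peer is needed once the default route points at the tunnel interface.
Addresses and interface names are constructed for the example."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class StaticRoute:
    prefix: str                 # destination network, e.g. "0.0.0.0/0"
    device: str                 # egress interface
    gateway: Optional[str] = None  # next hop; None for a point-to-point tunnel interface


def lookup(routes: List[StaticRoute], dst: str) -> Optional[StaticRoute]:
    """Longest-prefix match: return the most specific route covering dst, or None."""
    ip = ipaddress.ip_address(dst)
    best = None
    best_len = -1
    for route in routes:
        net = ipaddress.ip_network(route.prefix, strict=False)
        if ip in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best


def tunnel_is_recursive(routes: List[StaticRoute], peer_ip: str, tunnel_device: str) -> bool:
    """True if IKE/ESP packets to the peer would be sent into the tunnel they build."""
    route = lookup(routes, peer_ip)
    return route is not None and route.device == tunnel_device


# Hypothetical addresses from the RFC 5737 documentation ranges.
ISP_GATEWAY = "198.51.100.1"   # branch ISP next hop, reached via wan1
VPN_PEER = "203.0.113.10"      # public IP of the main-site firewall
TUNNEL_IFACE = "vpn-to-hq"

# Step 1 only: default route moved from the ISP gateway to the tunnel interface.
routes_without_host_route = [
    StaticRoute("0.0.0.0/0", TUNNEL_IFACE),
]

# Step 2: add the /32 host route for the peer via the ISP gateway.
routes_with_host_route = routes_without_host_route + [
    StaticRoute(f"{VPN_PEER}/32", "wan1", ISP_GATEWAY),
]


def egress_for(routes: List[StaticRoute], dst: str) -> str:
    """Convenience wrapper returning the egress interface name for dst."""
    route = lookup(routes, dst)
    return route.device if route else "no-route"


if __name__ == "__main__":
    for name, table in (("without host route", routes_without_host_route),
                        ("with host route", routes_with_host_route)):
        print(f"{name}: peer -> {egress_for(table, VPN_PEER)}, "
              f"Internet host -> {egress_for(table, '192.0.2.50')}, "
              f"recursive={tunnel_is_recursive(table, VPN_PEER, TUNNEL_IFACE)}")
```

Running the block prints that without the host route the peer resolves to `vpn-to-hq` (recursive), and with it the peer leaves via `wan1` while an ordinary Internet destination still leaves via the tunnel. On a real firewall the equivalent check is to look at the active routing table after the change, for example `get router info routing-table all` on FortiOS or `show routing route` on PAN-OS, and confirm the peer's /32 shows the ISP gateway as next hop.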