IPsec site-to-site ErrorCode: gateway_45002
Hello, when configuring IPsec VPN site-to-site settings, the following error appears under "Typical VPN policy errors":

The local subnet and remote subnet cannot overlap with those of existing IPsec policies. (ErrorCode: gateway_45002)
Those pictures don't tell me anything, but you are using a public IP in the VPN tunnel: 180.80.40.0/24 is not a private IP.
If you have all the routers configured on the same controller, then I recommend you try SD-WAN. It is much easier.
The message says that there is an overlap between your local and remote networks.
You cannot use the same remote network in the IPsec configuration as any of your local networks.
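The overlap rule behind gateway_45002, and the "public IP inside the tunnel" point raised above, can be checked before submitting a policy. This is an added example, not part of the thread or of any Omada tool; the existing policy list and the candidate subnets are constructed, with 180.80.40.0/24 taken from the thread.

```python
from ipaddress import ip_network

# Constructed sample of policies already on the gateway (not from the thread).
EXISTING_POLICIES = [
    {"name": "site-A", "local": "192.168.10.0/24", "remote": "192.168.20.0/24"},
]


def check_policy(new_local, new_remote, existing=EXISTING_POLICIES):
    """Return a list of reasons the new local/remote pair would be rejected.

    Mirrors the gateway's rule: the new policy's local and remote subnets may
    not overlap each other, nor any local or remote subnet of an existing
    policy. Also flags subnets that are not private address space.
    """
    nl = ip_network(new_local, strict=False)
    nr = ip_network(new_remote, strict=False)
    findings = []

    if nl.overlaps(nr):
        findings.append(f"local {nl} overlaps its own remote {nr}")

    for pol in existing:
        el = ip_network(pol["local"], strict=False)
        er = ip_network(pol["remote"], strict=False)
        for new_name, new_net in (("local", nl), ("remote", nr)):
            for old_name, old_net in (("local", el), ("remote", er)):
                if new_net.overlaps(old_net):
                    findings.append(
                        f"new {new_name} {new_net} overlaps "
                        f"{pol['name']} {old_name} {old_net}"
                    )

    # A routable public block inside the tunnel is almost always a typo for
    # a private range and will also hijack traffic to the real owner.
    for name, net in (("local", nl), ("remote", nr)):
        if not net.is_private:
            findings.append(f"{name} {net} is not a private address range")

    return findings


if __name__ == "__main__":
    for local, remote in [("192.168.10.0/24", "192.168.30.0/24"),
                          ("10.0.0.0/24", "180.80.40.0/24"),
                          ("192.168.40.0/24", "192.168.50.0/24")]:
        print(local, remote, "->", check_policy(local, remote) or "OK")
```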
@MR.S
Even though I write the IPsec VPN settings manually, it gives this error. Both IPs are different from each other, but the error still appears. It happens when I configure this second IPsec policy; the first one did not have this error. I will also attach the project topology, in case there is a topology error.

TOPOLOGY

Those pictures don't tell me anything, but you are using a public IP in the VPN tunnel: 180.80.40.0/24 is not a private IP.
If you have all the routers configured on the same controller, then I recommend you try SD-WAN. It is much easier.
@MR.S
Thank you for your recommendation, but now I can't update the device firmware via the Controller; I get an HTTPS error.
If you use SD-WAN or regular site-to-site, there is no difference in how they communicate. What you have to make sure of is that the devices to be upgraded have access to the management port; if you have an OC300, it is TCP/443 by default. You have to port-forward this port to the OC300, plus UDP 29810 and TCP 29811-29817 for the other ports. How do the devices at the remote sites communicate with your controller now?
Can you take a picture of the error message you get when you try to upgrade?
I can't show the error image now because I had already manually updated the devices after this error occurred. But as you said, port 443 in NAT was not opened to the controller because it was used for another purpose and this port is busy. Is it possible to use another port for the controller?

Yes, you can change the port in global settings and system settings.
Reboot the controller after changing the port.
