Branch Fortigate use HQ Fortigate as default gateway

Have brain freeze and can‘ t remember how to do, thought I‘ d ask the experts, hoping for some quick help!

I have a central Fortigate with UTM services, web filtering. etc.

And a remote Fortigate using an IPSEC tunnel to connect to HQ, all users in the remote site need to have their default route go over the VPN – so they can have the same web filtering policies as the HQ network from the HQ firewall.

I have IPSEC tunnel configured (interface mode) and can access ranges in both sites but now need to push the default route over the VPN.

The Fortinet documentation says to edit the static route to and point it over the tunnel interface but if I do that the remote Firewall won‘ t have is next hop, default gateway listed anywhere – so won‘ t be able to reach the external peer ID for the VPN as it will not know how to connect.

Am sure I have missed the obvious but its been a long day, any advice very appreciated