Hi Rob,
ICMP is passed through untouched, but TCP traffic should trigger the peers to come online. If there is continuous traffic they will stay online. If there is no more traffic they will timeout after 60 seconds, indicating that the peer might be down. The peers will re-established before the first TCP handshake is complete.
If they are not coming online at all, then it is something else. For the peers to detect each other TCP Option 76 is used. It happens that some Firewall and NAT devices strip the TCP Options. To see if the options are arriving from the remote end subnets, we can troubleshoot this with:
tcpdump -i wan0 | grep mss
If they arrive, the peer should be up.
It is also possible that one of the appliances have the lan0/wan0 swapped and some 'peer detected on lan0' messages would be logged.
The MTU at 1400 could potentially create a problem depending on the interface its configured on. Wanos will reduce the MSS to 1320 for optimized traffic to provide sufficient headroom for high overhead vpn scenarios. Its rarely needed to adjust MTU settings.
Rule of thumb, if traffic is flowing fine before installing Wanos, then after install it should be exactly the same.
As a last resort, if the TCP Options are stripped and there is no way to resolve it, the encap can be set to GRE or UDP in the gui on both ends.
Edit: You don't perhaps have any bypass rules configured?