I think we are getting there (as to why it's missing, no idea - as I wrote it stopped working after a firmware upgrade). Now i can start Outlook (app in windows) and i can browse some sites, but not all and I can't reach corporate/internal stuff. And it's very slow.
Now I have
root@Teltonika-RUTX12:~# iptables-save | grep policy | grep ipsec
-A zone_ipsec_forward -m comment --comment "!fw3: Zone ipsec to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to ipsec forwarding policy" -j zone_ipsec_dest_ACCEPT
Above you wrote "Check the page Network->Firewall->General Settings in the Zones->Forwardings section do you have lan=>ipsec and ipsec=>lan present (and both set to Accept/Accept/Accept)" And later to add one zone, which I did.
I also inserted iptables -t nat -A zone_wan_postrouting -m policy --dir out --pol ipsec -m comment --comment "!fw3: Exclude-IPsec-from-NAT" -j ACCEPT
but no difference and it disappears when i lookup the iptables later.