Multiple S2S VPNs between two UTMs

Hello everyone,
we have multiple sites equipped with UTMs.

Now one of the sites which previously just had a local LAN added a local DMZ network to its IP ranges.

The site is/was connected to HQ using an S2S with automatic firewall rules:

Site-LAN <> Any <> HQ-networks

Now I would like to add the second remote range as well but obviously not with Automatic firewall rules

So I thought to just create a second S2S tunnel with manual firewall rules

Site-DMZ <> HQ-networks + rule that specifically allows certain services to be accessed from HQ in Site-DMZ but no access from Site-DMZ to HQ-networks

Configuration wise both UTMs use Hostname as VPN-ID and have RSA-Keys exchanged
The second S2S would be auto-firewall-rule on Site-side and manual on HQ-side

Would this work, or would I get trouble with SAs not being assigned correctly or so forth?

Site-LAN and Site-DMZ are separate ranges w/o overlap

Thanks for your help



  • I think you cannot create two links between the same endpoints. You will have to stick with one tunnel in which both SAs (internal LAN and DMZ) are included. You will then of course have to deselect automatic firewall rules and can create the rules yourself in both firewalls.

    HQ -> Site LAN -> any -> Allow
    Site LAN -> HQ -> any -> Allow

    HQ -> Site DMZ -> specific services -> Allow

    The first 2 rules can actually be combined in 1 rule by adding both HQ and Site LAN to both source and destination in the same rule.


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improving IT security and feeling well helping others with their IT security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

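The rule set proposed in the answer, and the asymmetric access the original poster asked for (HQ may reach a few services in Site-DMZ, Site-DMZ may not initiate anything towards HQ), can be checked before touching either UTM by modelling the packet filter and running sample flows through it. The following Python is an added example written for this thread; it is not Sophos code and does not talk to a UTM. All addresses, the DMZ service list and the flow samples are constructed placeholders. It also lists the local/remote subnet pairs one tunnel with two local networks produces, since with IKEv1 each such pair is negotiated as its own IPsec SA.

```python
"""Dry-run of the manual firewall rules for one S2S tunnel carrying Site-LAN and Site-DMZ.

Constructed example for the thread above, not Sophos code.  Models a first-match,
default-deny packet filter and evaluates constructed flows against the two rule
layouts the answer describes (three separate rules vs. the combined HQ <-> Site LAN rule).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from itertools import product

# Constructed address plan (placeholders, not taken from the thread).
HQ_NETS = [ip_network("10.0.0.0/16")]
SITE_LAN = ip_network("10.1.0.0/24")
SITE_DMZ = ip_network("10.1.10.0/24")


@dataclass(frozen=True)
class Service:
    proto: str
    port: int


ANY = None  # service wildcard


@dataclass
class Rule:
    name: str
    sources: list          # list of ip_network
    destinations: list     # list of ip_network
    services: object       # list of Service, or ANY
    action: str = "allow"


def _in_any(addr, nets):
    return any(addr in n for n in nets)


def evaluate(rules, src, dst, proto, port):
    """First matching rule wins; no match means the implicit default deny.

    Only the initiating packet is modelled: the filter is stateful, so replies
    to an allowed session (e.g. DMZ answering an HQ HTTPS request) need no rule.
    """
    src, dst = ip_address(src), ip_address(dst)
    for r in rules:
        if not _in_any(src, r.sources) or not _in_any(dst, r.destinations):
            continue
        if r.services is not ANY and Service(proto, port) not in r.services:
            continue
        return r.action, r.name
    return "deny", "default"


# Constructed list of the "specific services" HQ may reach in Site-DMZ.
DMZ_SERVICES = [Service("tcp", 443), Service("tcp", 3389)]

# Layout 1: the three rules as written in the answer.
RULES_SPLIT = [
    Rule("HQ -> Site LAN", HQ_NETS, [SITE_LAN], ANY),
    Rule("Site LAN -> HQ", [SITE_LAN], HQ_NETS, ANY),
    Rule("HQ -> Site DMZ (services)", HQ_NETS, [SITE_DMZ], DMZ_SERVICES),
]

# Layout 2: first two rules merged, HQ and Site LAN in both source and destination.
RULES_COMBINED = [
    Rule("HQ <-> Site LAN", HQ_NETS + [SITE_LAN], HQ_NETS + [SITE_LAN], ANY),
    Rule("HQ -> Site DMZ (services)", HQ_NETS, [SITE_DMZ], DMZ_SERVICES),
]


def ipsec_sa_pairs(local_nets, remote_nets):
    """Traffic-selector pairs for one tunnel; under IKEv1 each pair becomes its own IPsec SA."""
    return list(product(local_nets, remote_nets))


def check(rules):
    """Run constructed sample flows; the keys name the intent each flow tests."""
    hq, lan, dmz = "10.0.5.20", "10.1.0.50", "10.1.10.8"
    return {
        "hq_to_lan_any": evaluate(rules, hq, lan, "tcp", 445)[0],
        "lan_to_hq_any": evaluate(rules, lan, hq, "tcp", 445)[0],
        "hq_to_dmz_https": evaluate(rules, hq, dmz, "tcp", 443)[0],
        "hq_to_dmz_ssh": evaluate(rules, hq, dmz, "tcp", 22)[0],   # not in DMZ_SERVICES
        "dmz_to_hq_any": evaluate(rules, dmz, hq, "tcp", 443)[0],  # must stay denied
        "dmz_to_lan": evaluate(rules, dmz, lan, "tcp", 445)[0],    # no rule given for this
    }


if __name__ == "__main__":
    for name, rules in (("split", RULES_SPLIT), ("combined", RULES_COMBINED)):
        print(name, check(rules))
    print("IPsec SAs on the Site UTM:", ipsec_sa_pairs([SITE_LAN, SITE_DMZ], HQ_NETS))
```

Running it shows both layouts give identical results for every sample flow, which is the point of the "combine into one rule" remark, and that Site-DMZ-initiated traffic towards HQ or Site-LAN falls through to the default deny. The SA listing makes the answer's "both SAs in one tunnel" concrete: two local networks against one HQ network yields two subnet pairs, and therefore two IPsec SAs, inside a single IKE tunnel between the two hostnames.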