Comware

I'm attempting to replace my current firewall.  Right now, we've just got a single line running from the HP 1950 to the watchguard.  In order to build in some redundancy, I'm wanting to setup a LACP connection from the 1950 to the FortiGate.  As far as I can tell, everything is configured correctly. 

1. interface Bridge-Aggregation1
2. port link-type trunk
3. port trunk permit vlan all

1. interface Ten-GigabitEthernet1/0/1
2. port link-type trunk
3. port trunk permit vlan all
4. port link-aggregation group 1

1. interface Ten-GigabitEthernet1/0/4
2. port link-type trunk
3. port trunk permit vlan all
4. port link-aggregation group 1

The configuration on the Fortinet is correct.  In this case, I've got the LACP set as static, trying to bring it up, but I also tried with the LACP at Dynamic

1. interface Bridge-Aggregation1
2. port link-type trunk
3. port trunk permit vlan all
4. link-aggregation mode dynamic

But it was the same result.  I'd get a physical connection between the devices, but when I tried to ping from the 1950 to the FortiGate or from the FrotiGate to the 1950, I got no response.  Any idea why I couldn't get traffic to flow between them?

I think I figured out the issue, but I won't know for sure until our next maintenance window.
All the vlan interfaces on the Fortinet are sub-interfaces of the LACP-Trunk interface.  On the HP, I had the PVID set as 1 and allowed vlans set as all.  I think the issue is a vlan tagging issue.  The fortinet is expecting vlan 1 to have a tag, not just be the native vlan and the HP wasn't tagging vlan 1.  I tested by changing the PVID on the HP to 4094 and created a dummy LACP-Test interface on the Fortinet, with a sub-interface on vlan 1 that was an unused IP on the network.  Plug up the ports, the LACP comes up and I get pings across!  So I can't be 100% sure until our next maintenance window, but it looks like it was a vlan tagging issue. 

I'm attempting to replace my current firewall.  Right now, we've just got a single line running from the HP 1950 to the watchguard.  In order to build in some redundancy, I'm wanting to setup a LACP connection from the 1950 to the FortiGate.  As far as I can tell, everything is configured correctly. 

1. interface Bridge-Aggregation1
2. port link-type trunk
3. port trunk permit vlan all

1. interface Ten-GigabitEthernet1/0/1
2. port link-type trunk
3. port trunk permit vlan all
4. port link-aggregation group 1

1. interface Ten-GigabitEthernet1/0/4
2. port link-type trunk
3. port trunk permit vlan all
4. port link-aggregation group 1

The configuration on the Fortinet is correct.  In this case, I've got the LACP set as static, trying to bring it up, but I also tried with the LACP at Dynamic

1. interface Bridge-Aggregation1
2. port link-type trunk
3. port trunk permit vlan all
4. link-aggregation mode dynamic

But it was the same result.  I'd get a physical connection between the devices, but when I tried to ping from the 1950 to the FortiGate or from the FrotiGate to the 1950, I got no response.  Any idea why I couldn't get traffic to flow between them?