11-18-2024 08:03 AM
Hello,
I am having STP issues when integrating with Fortinet switches and a Fortinet FW. We use RSTP on Ruckus, and they use MSTP. As far as I know, these are compatible with each other.
We provide internet access to the Fortinet switches and FW through a VLAN that is just tagged L2 through 3 Ruckus switch hops, and into a Palo edge FW. We do have redundant routes to a different location and set of switches, but this is not tagged through for now.
We also provide layer 2 access to a branch location that has a Fortinet switch. This goes through 5 hops, and is redundant to a second location that also has 5 hops. For some reason, however, on both routes for the branch location, the Ruckus switches' RSTP shows that all ports are forwarding. Shouldn't it be blocking the redundant path?
The Fortinet has the only routed interface for the branch location, and a public interface for the internet for their internal network. Our Palo edge is the public gateway for that public network. Our switch at the site where their Fortinet firewall is located also has L2 tags set up for their internal VLANs to pass through, but no IPs for those VLANs.
When the Fortinet side enables their interfaces, a Ruckus switch becomes the root bridge for all VLANs, which is not ideal. I have changed the priority on our Ruckus switches to max, with no change. Additionally, it appears the Fortinet side goes into blocking, and sometimes pings to the internet will be intermittent. If they enable an interface with STP turned off, they get full internet access. I am curious whether anyone has any suggestions. I think my next attempt with them would be to use MSTP on the Ruckus switches.
I have a network diagram that I quickly created, but don't believe I'm able to post it here.
Thank you!
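As an added illustration (not part of the post above, and not a model of the poster's actual network): a small Python model of the root election and port-role computation that RSTP and the MSTP CIST both converge to, run on a constructed four-bridge ring. It shows two things relevant to the questions in the post: with a loop and BPDUs flowing end to end, exactly one port ends up alternate (blocking); and a bridge at the maximum priority 61440 still becomes root of whatever partition sees no lower bridge ID, which is what happens when the far side's BPDUs never arrive. Bridge names, MAC addresses and link costs are made up; tie-breaking is simplified to (priority, MAC) for the root and (root path cost, bridge ID) for designated ports, ignoring port IDs.

```python
"""Centralised model of the tree RSTP / MSTP-CIST converges to (example code)."""
import heapq


def bridge_id(priority, mac):
    # 802.1D ordering: lower tuple wins, priority first, MAC breaks ties.
    return (priority, mac.lower())


def compute_spanning_tree(bridges, links):
    """bridges: {name: (priority, mac)}; links: [(a, b, path_cost)].

    Returns (root_name, roles) where roles[(bridge, neighbour)] is one of
    "designated", "root" or "alternate" (alternate = blocking).
    """
    bid = {name: bridge_id(prio, mac) for name, (prio, mac) in bridges.items()}
    root = min(bid, key=bid.get)          # lowest bridge ID wins the election

    adj = {name: [] for name in bridges}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))

    # Root path cost (Dijkstra from the root over link costs).
    rpc = {root: 0}
    heap = [(0, bid[root], root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > rpc[node]:
            continue
        for nbr, lcost in adj[node]:
            if cost + lcost < rpc.get(nbr, float("inf")):
                rpc[nbr] = cost + lcost
                heapq.heappush(heap, (cost + lcost, bid[nbr], nbr))

    # Root port: lowest (cost via neighbour, neighbour bridge ID).
    root_port = {}
    for b in bridges:
        if b != root and b in rpc:
            root_port[b] = min((rpc[n] + c, bid[n], n) for n, c in adj[b])[2]

    # Per link: the end with the lower (root path cost, bridge ID) is
    # designated; the other end is root if this is its root port, else alternate.
    roles = {}
    for a, b, _cost in links:
        if a not in rpc or b not in rpc:
            continue                       # partitioned from the root
        des = min((a, b), key=lambda x: (rpc[x], bid[x]))
        other = b if des == a else a
        roles[(des, other)] = "designated"
        roles[(other, des)] = "root" if root_port.get(other) == des else "alternate"
    return root, roles


def blocking_ports(roles):
    return sorted(p for p, r in roles.items() if r == "alternate")


def without(bridges, links, name):
    """Topology as seen when `name` sends no BPDUs (e.g. STP disabled there)."""
    return ({k: v for k, v in bridges.items() if k != name},
            [l for l in links if name not in l[:2]])


# Constructed sample (hypothetical names/MACs): three Ruckus switches raised to
# priority 61440 and one Fortinet bridge at the default 32768, wired as a ring.
SAMPLE_BRIDGES = {
    "Ruckus-1": (61440, "00:00:00:00:00:01"),
    "Ruckus-2": (61440, "00:00:00:00:00:02"),
    "Ruckus-3": (61440, "00:00:00:00:00:03"),
    "Fortinet": (32768, "00:00:00:00:00:0f"),
}
SAMPLE_LINKS = [                        # 20000 = 802.1t cost of a 1 Gbit/s link
    ("Fortinet", "Ruckus-1", 20000),
    ("Ruckus-1", "Ruckus-2", 20000),
    ("Ruckus-2", "Ruckus-3", 20000),
    ("Ruckus-3", "Fortinet", 20000),
]

if __name__ == "__main__":
    root, roles = compute_spanning_tree(SAMPLE_BRIDGES, SAMPLE_LINKS)
    print("root:", root, "blocking:", blocking_ports(roles))
    root, roles = compute_spanning_tree(*without(SAMPLE_BRIDGES, SAMPLE_LINKS, "Fortinet"))
    print("root when Fortinet BPDUs are absent:", root, "blocking:", blocking_ports(roles))
```

With all four bridges exchanging BPDUs the Fortinet bridge wins the election and one Ruckus port on the ring goes alternate. Remove the Fortinet bridge from the election (no BPDUs received from it) and the lowest-MAC Ruckus becomes root despite priority 61440, and since the remaining topology has no loop, nothing blocks. Seeing every port forwarding on a physically redundant path is therefore worth checking against whether BPDUs actually traverse every hop of the tagged VLAN.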