Having a problem of intervlan routing with my Layer 2 Meraki MS 125 and Fortigate firewall

New here

Can anyone kindly assist with the problem that I am currently facing? I have a Layer 2 Meraki switch and a FortiGate. I am using my FortiGate for inter-VLAN routing. I have defined all the VLANs on both devices, but I don't know why this is not working. Only trunk ports are receiving an IP address and can access the internet; the access ports aren't working. Your assistance in this regard would be appreciated.

Kind of a big deal

@Ginah-P, on the MS do you have a trunk port to the FortiGate and access ports with the one VLAN defined in the settings?

You don't need to define the VLANs on the MS; it will accept all unless denied. Perhaps delete that part of your config.

On the trunk to the FortiGate, make sure the native (untagged) VLAN is the same, and if the FortiGate tags all, then leave it blank on the MS port.

Getting noticed

You have not given us much to work on.

However, you have not mentioned if your VLANs are using statically defined IPs? DHCP?

Is the DHCP server giving the default gateway of the Fortinet? If they are static, have you configured the Fortinet as the default gateway?

On your switch, just make sure your trunk ports are set to allow all VLANs, then test.

You can play with locking down specific VLANs on specific trunk ports later.


fortinet ------- trunk ----- switch port.

New here

Thank you all, guys, for your input. I managed to make the network work as expected. I didn't alter my initial configurations on the MS. I reset the FortiGate and configured it via the CLI; after I did that, I realized that everything was working according to our requirements. I didn't do much.


Many thanks to all who have contributed to my technical problem.
