We have recently run into issues with this using LACP from the FortiGate to Meraki MS350s and MS355s on firmware version 7.2.7, mostly just with FortiGate 80Fs that we have identified so far. Sometimes one of the ports on the switches will just start displaying the following error: "Port running LACP and LACP has disabled this port". We have tried rebooting the switches and the firewall. We even reprovisioned firewalls. We had the message go away on one after re-provisioning it (factory reset/push config from FortiManager). However, in each of these cases the firewall has been up and connected via LACP to these switches for quite some time, sometimes months, without issues. We did notice some RSTP port status changes in the RSTP logs and also found out at one site that the site maintenance person had been rebooting the firewall if they lost internet connectivity, without notifying anyone. We have this same template and configuration pushed out to over 40 facilities, but have just recently started hearing reports of these issues happening, so we aren't sure of the cause yet at this point. Our Meraki side config in our scenario is native VLAN 10 and all VLANs allowed. On the firewall side we have the native VLAN untagged and then all used VLANs configured as VLAN interfaces on the LAG. Our firewall side shows the same, with no errors or issues, when we ran into the switch side reporting that one of the ports was disabled. We have a higher-tier third-party support vendor assisting us with the rollout of these firewalls and this configuration, and they stated they believe it may be a bug that only presents in rare scenarios, and we are planning to start troubleshooting next week. I would love to hear if you find out any further information.