(Basic?) VLAN Issues!
I have read a lot of the articles relating to this, watched videos, and talked with support but still can't get to the bottom of this problem.
I have a FortiGate-30E (running 6.0.2) and a Netgear switch (GS724TPv2 ProSAFE 24-Port Gigabit Smart Managed Switch). Both are supposedly 802.1Q compliant (?).
I am trying to setup 4 simple VLANs.
These 3:
10 - Main (main network, data, printers)
DHCP: 192.168.10.1 /24
20 - Guest (just for the Guest SSID network, FortiAP)
DHCP: 192.168.20.1 /24
30 - Voice (for the Polycom VoIP phones)
DHCP: 192.168.30.1 /24
and this 1 just in case the Netgear switch needs it to function (?)
1 - Management
DHCP: 192.168.100.1 /24
None of the VLAN networks need to talk to each other (no inter-VLAN routing needed); they just need to go out to the WAN/Internet.
The main LAN/hardware switch interface in the FortiGate has all 4 ports as members. It has the address 192.168.1.1.
Underneath are the 4 VLAN interfaces, with their DHCP enabled.
Under IPv4 Policy, I have simple policies for each one that allow them to go out to the WAN.
I have port 1 of the FortiGate connected to port 1 of the Netgear switch. I would like this to be the trunk port and have all VLAN traffic go through this one cable.
On the Netgear switch, I created the exact same VLAN IDs. I have port 1 tagged for all of them (10, 20, 30) and VLAN 1 as untagged; otherwise I lose communication.
Everything plugged into the router or switch gets an IP of 192.168.1.x (LAN interface) - I don't even want to use that subnet. I started off with that LAN interface's DHCP disabled, thinking everything plugged in would be a member of either VLAN 10, 20, or 30. But then nothing was getting an IP, and to communicate with anything I had to type in manual IPs in that LAN range, so I enabled DHCP and the switch gets 192.168.1.2, and anything plugged in anywhere is on that subnet.
As a simple test, I plugged a Mac Mini (VLAN unaware) into port 24 of the Netgear switch. I would like it to be on VLAN 10 and get a .10.x IP (not .1.x). I made port 24 a member of VLAN 10 / untagged, and I set the PVID from 1 to 10 to force incoming data on the switch to get tagged with 10. As soon as I change the PVID from 1 to anything else I lose communication. That Mac Mini Ethernet port goes red and eventually gets a 169 self-assigned IP. If I switch the PVID back to 1, it gets the LAN interface IP. I've tried a lot of combinations but nothing works. It's either 192.168.1.x or no communication.
I have been on the phone with Fortinet support, screen-shared in, and they said everything looks good; it must be the switch.
I have been on the phone with Netgear support (for hours, experimenting), screen-shared in, and they said everything looks good; it must be the router.
Ahhh!
1) How the hell can I get this working? What am I doing wrong?
2) Should I have created that Management VLAN #1?
3) Do I need to use a VDOM? (not really sure what that is)
As you may notice, I'm not a VLAN expert and I don't really use the CLI.
Fortinet support ran a sniff cmd on 67 and 68, and the traffic was not part of any VLAN.
Please let me know if you need any other details in order to solve this. I am hoping to get this working today and will reply quickly.
Many thanks for the help!
Tom
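As an added illustration of how the 802.1Q ingress/egress rules apply to the port setup described in the post (a constructed model written for this page, not Netgear or Fortinet code; the port numbers and VLAN memberships are the ones given above, and the PVID-1 case is included for contrast):

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int                                   # VLAN given to untagged ingress frames
    tagged: set = field(default_factory=set)    # VLANs sent out of this port with a tag
    untagged: set = field(default_factory=set)  # VLANs sent out of this port untagged

    def members(self):
        return self.tagged | self.untagged

def build_switch(port24_vlan):
    """Port 1 is the trunk to FortiGate port1 (10/20/30 tagged, VLAN 1 untagged).
    Port 24 is the Mac Mini's access port: untagged in one VLAN with a matching PVID."""
    return {
        1: Port(pvid=1, tagged={10, 20, 30}, untagged={1}),
        24: Port(pvid=port24_vlan, untagged={port24_vlan}),
    }

def ingress(switch, port_id, vlan_tag=None):
    """Classify a received frame; returns its VLAN id, or None if the port drops it."""
    port = switch[port_id]
    if vlan_tag is None:
        return port.pvid                        # untagged frame takes the PVID
    return vlan_tag if vlan_tag in port.members() else None

def egress(switch, port_id, vlan):
    """Return ('tagged'|'untagged', vlan) for the outgoing frame, or None if not a member."""
    port = switch[port_id]
    if vlan in port.tagged:
        return ("tagged", vlan)
    if vlan in port.untagged:
        return ("untagged", vlan)
    return None

def forward(switch, in_port, out_port, vlan_tag=None):
    """Trace one frame from in_port to out_port through the VLAN rules."""
    vlan = ingress(switch, in_port, vlan_tag)
    return None if vlan is None else egress(switch, out_port, vlan)

if __name__ == "__main__":
    for pvid in (1, 10):
        sw = build_switch(pvid)
        print(f"port 24 PVID {pvid}: Mac -> trunk {forward(sw, 24, 1)}, "
              f"untagged LAN -> Mac {forward(sw, 1, 24)}, "
              f"VLAN 10 tagged -> Mac {forward(sw, 1, 24, vlan_tag=10)}")
```

With port 24 at PVID 10, an untagged DHCP request from the Mac Mini leaves the trunk tagged VLAN 10, so only something answering on VLAN 10 (the FortiGate's VLAN 10 sub-interface) can reply to it, while untagged frames from the 192.168.1.1 LAN interface never reach port 24; with PVID 1 the reverse holds, which is the 192.168.1.x behaviour described above.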
