seth57
New Member
April 3, 2015
Solved

Unable to connect 92D on a Juniper switch - MAC learning issue


Hi all

I just bought a 92D to replace my 60D.

I converted the config file to match the new hardware and connected it to the Juniper switch, but nothing worked.

I searched for what could be wrong on the FortiGate, but all seems to be OK.

On the switch side, I saw that when internal1 was connected (only this port connected to the switch), the MAC address was correctly learnt on the switch port, but when internal2 was connected, the MAC of internal1 disappeared from the switch and I could only see the MAC of internal2.

At this instant, my 60D is working perfectly on this switch, so I think that the problem does not come from the switch.

Are you aware of this kind of problem?

Is there any parameter to set up?

Thanks in advance

 

    Best answer by emnoc

    12 replies

    emnoc (Answer)
    New Member
    April 5, 2015

    What's the cfg like for the access port, and are you sure you're not mistaking STP blocking or BPDU filters on the Juniper? And what's your topology and reason for connecting the 2 internals? And are you running these 2 ports in the same STP domain? And do you have STP enabled on the FortiGate?

    You can check via the EX cmds for ports blocked by STP:

    show spanning-tree interface terse

    show ethernet-switching table

    seth57 (Author)
    New Member
    April 5, 2015

    Hello

    I had to deactivate STP on the EX4200 to have the FortiGate running.

    STP is not activated on the FGT.

    emnoc
    New Member
    April 5, 2015

    That's probably not a good idea. If you ever get a layer 2 loop, you will have a disastrous outcome.

    Since the FGT60 was working, once again, what cfg did you have configured on the ports that are used? Are you connecting this as a switch interface to the EX?

    seth57 (Author)
    New Member
    April 5, 2015

    Each FGT interface is connected to the EX switch.

    The FortiGate is in interface mode, so I guess that BPDUs are not forwarded from one VLAN to another.

    If yes, I do not understand why, and I don't know how to deactivate this.

    The interface config is the same as on the 60D.

    I already encountered a storm ... but I need to replace the 60D as the licenses are over ...

    seth57 (Author)
    New Member
    April 5, 2015

    Please find the full config of internal1 and 2 below.

    edit "internal1"
        set vdom "root"
        set mode static
        set dhcp-relay-service disable
        set ip 192.168.102.254 255.255.255.192
        set allowaccess ping https ssh
        set fail-detect disable
        set pptp-client disable
        set arpforward enable
        set broadcast-forward disable
        set bfd global
        set l2forward disable
        set icmp-redirect enable
        set vlanforward disable
        set stpforward disable
        set ips-sniffer-mode disable
        set ident-accept disable
        set ipmac disable
        set subst disable
        set status up
        set netbios-forward disable
        set wins-ip 0.0.0.0
        set type physical
        set netflow-sampler disable
        set sflow-sampler disable
        set sample-rate 2000
        set polling-interval 20
        set sample-direction both
        set explicit-web-proxy disable
        set explicit-ftp-proxy disable
        set tcp-mss 0
        set inbandwidth 0
        set outbandwidth 0
        set spillover-threshold 0
        set weight 0
        set external disable
        set description ''
        set alias "Private_VLAN"
        set l2tp-client disable
        set security-mode none
        set device-identification enable
        set device-user-identification enable
        set device-access-list ''
        set device-netscan disable
        set lldp-transmission vdom
        set listen-forticlient-connection disable
        set vrrp-virtual-mac disable
        set snmp-index 7
        set secondary-IP disable
        config ipv6
            set ip6-mode static
            unset ip6-allowaccess
            set ip6-reachable-time 0
            set ip6-retrans-time 0
            set ip6-hop-limit 0
            set ip6-address ::/0
            set ip6-send-adv disable
            set autoconf disable
            set dhcp6-relay-service disable
        end
        unset dhcp-relay-ip
        set dhcp-relay-type regular
        unset macaddr
        set speed auto
        set mtu-override disable
        set wccp disable
        set drop-overlapped-fragment disable
        set drop-fragment disable
    next
    edit "internal2"
        set vdom "root"
        set mode static
        set dhcp-relay-service disable
        set ip 192.168.103.254 255.255.255.224
        set allowaccess ping snmp
        set fail-detect disable
        set pptp-client disable
        set arpforward enable
        set broadcast-forward disable
        set bfd global
        set l2forward disable
        set icmp-redirect enable
        set vlanforward disable
        set stpforward disable
        set ips-sniffer-mode disable
        set ident-accept disable
        set ipmac disable
        set subst disable
        set status up
        set netbios-forward disable
        set wins-ip 0.0.0.0
        set type physical
        set netflow-sampler disable
        set sflow-sampler disable
        set sample-rate 2000
        set polling-interval 20
        set sample-direction both
        set explicit-web-proxy disable
        set explicit-ftp-proxy disable
        set tcp-mss 0
        set inbandwidth 0
        set outbandwidth 0
        set spillover-threshold 0
        set weight 0
        set external disable
        set description ''
        set alias "Server_VLAN"
        set l2tp-client disable
        set security-mode none
        set device-identification disable
        set lldp-transmission vdom
        set listen-forticlient-connection disable
        set vrrp-virtual-mac disable
        set snmp-index 8
        set secondary-IP disable
        config ipv6
            set ip6-mode static
            unset ip6-allowaccess
            set ip6-reachable-time 0
            set ip6-retrans-time 0
            set ip6-hop-limit 0
            set ip6-address ::/0
            set ip6-send-adv disable
            set autoconf disable
            set dhcp6-relay-service disable
        end
        unset dhcp-relay-ip
        set dhcp-relay-type regular
        unset macaddr
        set speed auto
        set mtu-override disable
        set wccp disable
        set drop-overlapped-fragment disable
        set drop-fragment disable
    next
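    An added example, not code from this thread or from Fortinet: a small Python audit that parses a FortiOS "config system interface" dump in the format posted above and reports any port whose layer-2 forwarding options (l2forward, stpforward, vlanforward, broadcast-forward) are not disabled, since a routed port that relays BPDUs or other frames between VLANs would produce exactly the MAC-on-two-ports and STP-blocking symptoms discussed here. The SAMPLE_CFG text and the "internal9" interface in it are constructed for the demonstration.

```python
"""Audit a FortiOS 'config system interface' dump for layer-2 forwarding options.
Added example, not the author's or Fortinet's code; SAMPLE_CFG is constructed."""
# Options that let a routed FortiGate port relay frames like a bridge; on an
# "interface mode" port every one of them should read 'disable'.
L2_KEYS = ("l2forward", "stpforward", "vlanforward", "broadcast-forward")


def parse_interfaces(cfg: str) -> dict:
    """{name: {key: value}} per 'edit ... next' block; nested config/end skipped."""
    ifaces, name, nested = {}, None, 0
    for raw in cfg.splitlines():
        line = raw.strip()
        if name is None:  # outside any edit block (e.g. the enclosing config/end)
            if line.startswith("edit "):
                name = line.split(None, 1)[1].strip('"')
                ifaces[name] = {}
            continue
        if line.startswith("config "):  # e.g. 'config ipv6'
            nested += 1
        elif line == "end" and nested:
            nested -= 1
        elif line == "next" and nested == 0:
            name = None
        elif nested == 0 and line.startswith("set "):
            _, key, value = line.split(None, 2)  # value may contain spaces (ip + mask)
            ifaces[name][key] = value
    return ifaces


def l2_bridging_risks(ifaces: dict) -> dict:
    """Interfaces whose L2 options are not 'disable'; an absent option is 'missing'."""
    risks = {}
    for name, settings in ifaces.items():
        bad = {k: v for k in L2_KEYS if (v := settings.get(k, "missing")) != "disable"}
        if bad:
            risks[name] = bad
    return risks


SAMPLE_CFG = """\
    edit "internal1"
        set ip 192.168.102.254 255.255.255.192
        set l2forward disable
        set vlanforward disable
        set stpforward disable
        set broadcast-forward disable
        config ipv6
            set ip6-mode static
        end
    next
    edit "internal9"
        set stpforward enable
    next
"""
```

    Run l2_bridging_risks(parse_interfaces(open("interfaces.txt").read())) against a real dump from "show system interface" to list every port that needs a second look; a clean routed port such as internal1 above produces no entry.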

    seth57 (Author)
    New Member
    April 5, 2015

    Please find the design below.

    emnoc
    New Member
    April 5, 2015

    Okay, that looks simple. So when internal1 & 2 are connected, you don't see the layer 2 MAC address for either interface once you generated traffic in vlan1 + 4?

    Are the EX ports correctly set for speed/duplex and VLAN assignments?

    seth57 (Author)
    New Member
    April 6, 2015

    Once internal2 is plugged into the switch, the switch port where internal2 is connected gets blocked by STP.

    The ports have the same switching config, just the VLAN members are different.

    emnoc
    New Member
    April 6, 2015

    Suggestions:

    Can you make a 2nd switch profile for the internal2 port and give that a try?

    When your port goes blocked, is it due to received BPDUs?

    Can you run a simple diag sniffer on internal1 & 2 to check the ports to see if you're sending BPDUs, and before you connect to the Juniper? (just connect a PC host to the ports and run the command below)

    e.g.

    diag sniffer packet internal1 "stp" 5

    and

    triple check any switch settings, if any:

    get sys switch-interface

    seth57 (Author)
    New Member
    April 10, 2015

    Hello

    Sorry for the delay, I was not able to perform tests.

    I can see now that the MAC of the Cisco switch is learned by the Juniper switch via the FortiGate interfaces ...

    I will try to find out what the command to solve this can be.

    BR