New to FortiGate firewalls here and have a general grasp on networking, so keep that in mind here haha. Below is sanitized info on the problem.
So we have a new 100F we are testing with, running 6.4.2. We have a fairly simple network with an HP 5412zl2 acting as the core with IP routing enabled, numerous VLAN's as needed. We have a dedicated Management network already that is used for numerous other devices that is confirmed working (VLAN 200). Currently, client devices reside in something like a VLAN 100 and are untagged by default. No trusted hosts are configured at this time.
I set up the FGT first on the mgmt interface on an untagged interface on the core. The core and the FGT can ping each other fine, as long as the core pings from a source of VLAN 200. Machines in VLAN 100 cannot ping the FGT, but can ping a machine that is also untagged in VLAN 200, and vice versa. The machine in VLAN 200 that is untagged can access the FGT just fine and can ping machines in VLAN 100. When I create a static route to VLAN 100 to use the VLAN 200 gateway, then machines in VLAN 100 can access the FGT fine. The issue I have with that, from my understanding, is that this will cause problems when I create a trunk port to the core for general use across all VLAN's (100, 101, etc...) because all traffic destined for VLAN 100 will use the Mgmt interface instead of that trunk interface.
Is there something I am missing here? Maybe misunderstanding how this works?