Hi we solved the issue with native vlan.

The topology is Core Switch Juniper QFX (Trunk with all vlans  + native vlan 10)<-->(Trunk with all vlans) FortiSwitch  (Allowed vlans + native vlan 4094)<-->(Trunk all vlans + native vlan 10) Juniper EX (Trunk allowed vlans + native vlan 10)<-->(Trunk) FortiSwitch


I didn't have management connection trough native vlan to the last FortiSwitch.
To solve this issue  on the first FortiSwitch I configured native vlan 4094 on the uplink to the EX 

The explanation is:
From QFX to the first FortiSwitch the traffic is tagged + natve vlan 10.
The first FortiSwitch receive all tagged vlans + untagged native vlan 10 (but inside FortiSwitch  the native untagged vlan is automatically changed to 4094) and it's okay.
But here management trough native vlan is broken in the last FortiSwitch after EX switch.
For this reason on first FortiSwitch on his port to EX switch native vlan is configured to 4094.
Then EX receive all tagged vlans + native 4094 but as native vlan 10  and could forward again all tagged vlans + native 10 to the last FortiSwitch where again inside last FortiSwitch native vlan ID is automatically changed to 4094.
Now if I connect other EX switch I should redistribute to it again native vlan 4094 and accept it as native vlan 10 and forward it to the next third FortiSwitch as Vlan 10 where inside third FortiSwitch untagged traffic is changed to 4094.


It's strange case but in this way management connection trough native vlan works fine when untagged traffic should pass trough FortiSwitch to EX switch and again to FortiSwitch.

But we have an issue with STP.

When we connect Forti switch in LACP to Juniper QFX core switch all switches start to block their uplinks duo STP issue.

Fortiswitches doesn't support RSTP but Juniper supports .

Do you have any experience with integration FortiSwitche with Juniper switches in trunk and lacp and do you know any information regarding STP issues?

We use L2 technologies for example trunk and lacp  to interconnect  fortiswitches with Juniper switches and L3 technologies on fortiswitches through native vlan for management purposes from Fortiswitch manager virtual appliance in vmware.

Hi Dan, thank you for your attention regarding the topic, of course I will provide you with more information.
This is the configuration from Juniper QFX side, 
LACP interface  Aggregate  12 configuration:
netadmin@QFXCoreSW> show configuration interfaces ae12 | display set
set interfaces ae12 description Up_2_FortiSWitch
set interfaces ae12 native-vlan-id 10
set interfaces ae12 aggregated-ether-options minimum-links 1
set interfaces ae12 aggregated-ether-options link-speed 10g
set interfaces ae12 aggregated-ether-options lacp active
set interfaces ae12 aggregated-ether-options lacp periodic slow
set interfaces ae12 aggregated-ether-options lacp system-id 7c:25:86:6b:78:e0
set interfaces ae12 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae12 unit 0 family ethernet-switching vlan members all
set interfaces ae12 unit 0 family ethernet-switching storm-control limit

This is the physical interface  configuration:
netadmin@QFXCoreSW# show configuration interfaces xe-1/0/35 | display set
set interfaces xe-1/0/35 description Up_2_Fortiswitch
set interfaces xe-1/0/35 speed 10g
set interfaces xe-1/0/35 link-mode full-duplex
set interfaces xe-1/0/35 ether-options no-auto-negotiation
set interfaces xe-1/0/35 ether-options 802.3ad ae12

Regarding FortinetSwitch:
The version of Firmware is 7.2.4.
-I do downgrade to 7.2.3, from gui with manually download and upload the firmware through web from default network 192.168.1.0/24.

-I do factory reset "execute factoryreset"

-I do DHCP Discovery:
config switch-controller global
set ac-discovery-type dhcp
end

-I configure  "__FoRtILnk0L3__" interface:
config switch trunk
edit "__FoRtILnk0L3__"
set members "port8"
next
end

-Now I connect port 8 of the FortiSwitch temporally to  the Juniper EX switch where the configuration of port is:
netadmin@Juniper_Test_EX> show configuration interfaces ge-0/0/22 | display set
set interfaces ge-0/0/22 description Up_2_Fortiswitch_Initial_Setup
set interfaces ge-0/0/22 native-vlan-id 10
set interfaces ge-0/0/22 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/22 unit 0 family ethernet-switching vlan members all

- I wait to see the switch on the FortiSwitch manager.
When it's visible and accessible, I authorize it, then I disconnect it and I edit this interface "__FoRtILnk0L3__" for lacp:
config switch trunk
edit "__FoRtILnk0L3__"
delete members "port8"
set mode lacp-active
set members "port27" "port28"
next
-Now I connect it to Juniper QFX core switch on interface xe-1/0/35 from Juniper side, and the interface from Fortiswitch side is only port27. 

-Now I see the FortiSwitch through native vlan in Fortiswitc Manager, in 5 minutes I start to lose all network switches behind Juniper EX core switch, all switches behind core switch start to block their uplinks.

On the core QFX Juniper switch I see STP events for Topo_Change.
When I disconnect the FortiSwitch from the core switch, then I see   how connectivity to all other network switches start to recovery.

I am not able to understand where is a problem.
I  have already deployed Fortiswitch to core switch with identical configuration and procedure  and  it works fine.
The difference is that, the worked one is FortinetSwitch 124F-POE, but the switch with which I have issue is FortinetSwitch 148F-POE.

I noticed also strange behavior  in 108F-POE and 108F-FPOE as STP issues in simple trunk configuration.

For example I noticed that 148F-POE switch with identical configuration works fine, it is connected behind Juniper Switch, Juniper Switch is connected behind QFX core switch.  When Forti switch is connected to Juniper switch, in the network of the infrastructure starts strange behavior of Security cameras, they start to lost connectivity to recording servers for example.
Could you please share your experience do you have any idea why is tooo complicate to connect Juniper with Forti?

I tried to find more information regarding interconnection between the two vendors but I didn't find any information.

Thank you in advance for your time.


Note:  The core switch is 5 Juniper QFX  switches in one virtual chassis as logical one switch.

I checked all switches  in the infrastructure and the result is not well.
Firstly the topology of the network is:

5 x Juniper QFX switches in virtual chassis with this configuration for VSTP:
set protocols vstp vlan all bridge-priority 0

All Cisco switches are connected to core switches with LACP and this is configuration for rapid-pvst:
spanning-tree mode rapid-pvst spanning-tree vlan 1-4094 priority 4096

All Juniper switches are connected to core switches with LACP and this is the configuration for rstp
set protocols rstp interface ge-0/0/X and so and so.

We have one FortiSwitch connected to Core switches with LACP and it's fine.
Behind the Fortiswitch is connected Cisco Switch only in Trunk without LACP.
We noticed that the root address of the FortiSwitch is the address of the Cisco switch.
In someway  FortiSwitch don't create STP issue.

We think something with this mix of STP protocols and including also usage of multivendor switches as Juniper, Cisco and Forti is responsible for STP issues, when we connect FortiSwitch in LACP to Core Switch.

To fix it, additional configuration regarding STP is needed in all switches in the infrastructure.
Any ideas are welcome.

Also I have a case where the topology is : 
Recording Server -> Core <-Juniper-SW< - Cisco-SW <- FortiSwitch <- Camera
The recording server lost connectivity to the camera.
Fortiswitch learn mac address of camera correctly.
Cisco Switch also learn the mac address of the camera correctly from FortiSwitch.
Juniper switch also learn the mac address of the camera correctly from Cisco switch.
Now is the interesting part!The core switch learn the mac address of the camera incorrectly from different Juniper SW2, not as expected from Juniper SW1, it's too strange.

Something like two Fortiswitches make loop.
I suspect behind Juniper SW2 I have also FortiSwitch.

Could L3 managament through native vlan do STP issues?
Or here STP issue comes from incorrect STP configurations on the switches?