Apparently there isn't nothing you can do Switch side (at least speaking about the 1920-48G about which you provided the configuration).
Your HPE OfficeConnect 1920-48G sits on the Subnet B (192.168.1.0/24) with IP Address 192.168.1.22 assigned to its VLAN 1 (Default VLAN, the only one that exist); the Switch has a Static Route (any address/any subnet mask) to 192.168.1.1 (which, I presume, is the IP Address of the Default Gateway of Subnet B...so the IP Address assigned to a LAN Port on your Fortinet Fortigate Firewall on Subnet B).
So far, so good.
That IP configuration is not necessary for hosts sitting on Subnet B to connect with hosts sitting on Subnet A: the routing work should be done, on each side of the site-to-site VPN Trunk, by involved Firewalls and the Switch hasn't a routing role (only a switching role)...that configuration is useful just for the Switch so it can be able to reach all networks that aren't its subnet (so the Internet but also the Subnet A, if Firewalls are properly configured to permit that).
So simply an host of Subnet B should be correctly routed to another host of Subnet A and vice-versa (generally that's what is needed, Firewall policies, if any, excluded from the whole picture).
So pinging from the correctly addressed Switch 1920-48G or pinging from a correctly addressed host on Subnet B to A (or Subnet A to B), provided that the Switch is (as is) correctly configured, should work if the VPN Trunk is correctly configured (so routes A to B and B to A are working and proper routing rules are set on both Fortigate Fortinet Firewalls).
A side note about the way you configured the LAG (Link Aggregation Group) with member ports 1/0/45, 1/0/46, 1/0/47 and 1/0/48: I have a similar scenario (two 1920-48 trunked together with 4 ports LAGs)...in my case the configuration of LAG and member ports is:
...
# interface Bridge-Aggregation1 port link-type trunk port trunk permit vlan 1 link-aggregation mode dynamic # ... # interface GigabitEthernet1/0/x port link-type trunk port trunk permit vlan 1 port auto-power-down stp edged-port enable port link-aggregation group 1 #
...
Note the differences with your configuration (especially the port link-type trunk and port trunk permit vlan 1 respectively on LAG and LAG's member ports sections.
Probably, in your case, disabling PoE feature on those ports will be a good idea exactly like disabling (a thing I should do too) the auto-power-down option.
I'm not an HPE Employee
Hi, to troubleshoot what is happening you should simplify your test scenario; provided that:
- there aren't IP Addresses conflicts on hosts members of Subnet (A and B),
- host to host (select an host of site A and one of site B to be used for test) ICMP Pings (that's the minimum, testing other available protocols/application - see RDP, SMB, etc. - would be a plus) are all successful when performed between Switches (or just withing the same Switch) belonging to the same Subnet A for Site A (and Subnet B for Site B),
- each Subnet - A and B - has a well defined Default Gateway on each VLAN (you basically are working on VLAN 1 which is the Default VLAN and the Switch doesn't perform routing for other hosts than itself),
you can start doing other tests from a well known scenario: switching within the same Subnet - A and B - is working correctly. Sites are, from this point of view, tested singularly.
The next step could be to focus on the routing part between sites (that's Firewalls' task): from the same hosts used on point 2 above does a ping/traceroute against the other host on the other Site/Subnet actually work? if it doesn't (considering you can also test other form of communication: HTTP/HTTPS/RDP/SMB/etc.) then the issue is on the Firewalls and, probably, on the VPN Site-to-Site configuration (VPN Trunk can be up but routing A-to-B and B-to-A could be the real issue).
I'm not an HPE Employee
If you're referring to this configuration line:
# ip route-static 0.0.0.0 0.0.0.0 192.168.1.1 #
that's exactly what I found on mine (clearly I use different IP Address) and all looks quite good.
A doubt: what is the Switch's port connected to the FortiNet FortiGate Firewall on Site B (Subnet B)? is it the 1/0/1?
I ask because I saw:
# interface GigabitEthernet1/0/1 port link-type hybrid port hybrid vlan 1 tagged speed 100 duplex full port auto-power-down poe enable stp edged-port enable #
I doubt it could be an issue with the Switch itself...eventually about its configuration.
When you say you can drop in an HP ProCurve 2626 (J4900A) instead of the HPE OfficeConnect 1920-48G and traffic starts to flow flawlessly...then...what is the configuration of HP ProCurve 2626's port connected to the Firewall?
I'm not an HPE Employee
The 2626 then, with respect to what is configured on 1920, has two VLANs configured: VLAN Id 1 (Default) with IP Address given above and VLAN Id 5 without IP Address assigned...this make me think that routing, if any, between hosts connected to tagged ports of VLAN Id 5 and hosts connected to untagged ports of VLAN Id 1 should be performed by a third party device (the Firewall)...given configuration of ports 21, 23 and 24...will be intersting to understand how the 1920 can be considered a "drop-in" replacement of the 2626, and vice versa.
How was/is the 2626 connected to the Firewall? how is/are configured Firewall's LANs ports?
I'm not an HPE Employee