You should not put ports 23 and 24 into an HP Trunk.
HP Trunking is only for load balancing multiple connections from one HP switch to one Fortigate.
In Fortigate this is called an aggregated interface.
This is used to increase bandwidth between switches and Fortigates.
Fortigate supports using aggregated LACP on specific models, but yours does not.
You are using an HA setup, which splits the connections over two (or more) single fortigates.
This is a redundant interface, not an aggregated interface; huge difference.
In a Fortigate HA setup the units are not stacked, they operate as separate nodes being controlled by the master.
All redundant interfaces within a Fortigate HA setup operate individually and do not require usage of HP trunking.
In all HA setups control information is sent over the HA link between the nodes using FGCP.
If you are using an active-active setup, actual traffic between the nodes can be sent over the HA link(s).
Your setup will actually drop traffic initiated to the second fortigate as initiated traffic always goes to the primary fortigate. In active-passive or vdom clustering mode traffic will be fully processed by the primary unit; in active-active mode the primary might send the request over to the secondary unit to process the traffic.
But there are several caveats in that.
For further details I will refer to the Fortigate 6.0.5 handbook regarding HA: https://docs.fortinet.com/document/fortigate/6.0.5/handbook/643919/high-availability
You did not mention where the other ports are connected to.
Fortigate A port1 is connected to port23 on the HP switch, which is part of the Trk interface.
In your HP switch configuration you now have placed all vlans on this Trk interface.
VLAN1 is untagged, VLAN 10 and VLAN102 are tagged.
Looking from the Fortigate perspective this is good. Keep it like this on the Fortigate side.
Hardware switch "lan" will receive and send traffic untagged and the HP switch places this traffic in VLAN1.
Hardware switch "lan" sub/vlan interface X will receive and send traffic tagged with vlan X and the HP switch places this traffic in vlan X.
You should put the other vlans you have on the HP switch on tagged port 23 and tagged port 24 (remember: no Trunk).
Fortigate port 2 should NOT be connected to the same switch or the same network. You can connect this port to an endpoint (client or server), but it should not make a loop in the network.
From the HP switch perspective you should remove the Trk interface and put the vlans on both port 23 and port 24.
On port 23 and port 24 vlan1 untagged, the rest tagged.
For your client ports it depends whether that traffic is processed untagged or tagged.
If your clients, like iDRAC, are set up to use a vlan, then this is tagged.
If your clients, like your laptop without additional configuration, are set up without a vlan, this is untagged.
Try this: place a client port on the HP switch (1-18) in vlan 10 in untagged mode, connect your laptop without specifying a vlan and you will get connection to the fortigate interface in vlan 10.
If you place multiple interfaces (aka members) into a zone, this can simplify policy rules.
A policy rule can only be created from/to the zone, not the individual members.
For a zone it is possible to allow intra-zone communication with a setting in the zone configuration.
This is the same as making a policy from source interface zone, destination zone, source all, destination all, service all, no nat. Basically an ANY-ANY rule for all members in the zone.
The checkmark you can setup in the zone configuration BLOCKS the intrazone communication.
All traffic between the members will now be denied except for traffic specifically mentioned in a firewall policy.
This is how you mentioned your current setup:
"Hp switch is connected directly to Fortigate port 1 (Hardware switch) and using Zone to combine all VLAN with "Block intra-zone traffic" disable to reduce multi policy between Vlan."
Yes, this will block all traffic between the members in the zone.
Remember the default behaviour in a fortigate for interfaces that are not in the same zone is block.
For example traffic between the zone and "lan" is blocked by default.
If you would remove all the vlan interfaces from the zone, all will still be blocked by default and you would need to create policies to allow traffic between these interfaces.
This allows for more control on the traffic between the members, but of course increases the amount of policies in the policy view.
Tip: you can change the system>features to allow for a policy from and to multiple interfaces, reducing the amount of policies that do the same.
Note: this will change the interface view to section view only.
You could make a policy from all the vlan interfaces to all the vlan interfaces allowing all without NAT, which does the same thing as the zone with the allow of intra-zone traffic, your choice.
Remove HP Trunk
Put vlan1 untagged on port 23 and port 24, other vlans tagged on port 23 and port 24
Don't connect Fortigate port2 to the same network
Check HA setup and behaviour
Check zone setup and behaviour
((wow this was a long one, usually I get paid for this ;p, but for you it's completely free))
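A worked configuration for the setup described in the answer above, added here as an example and not part of the original post: the HP switch side (ProCurve CLI syntax) with the trunk removed, VLAN 1 untagged and VLANs 10 and 102 tagged on ports 23 and 24, plus one client port untagged in VLAN 10 for the laptop test, and the FortiGate CLI side with the VLAN sub-interfaces of hardware switch "lan" in a zone that blocks intra-zone traffic and one explicit policy out of that zone. The zone name "vlan-zone", the sub-interface names "vlan10" and "vlan102", the policy name and client port 5 are assumptions; the HA configuration is not covered.

```text
; HP switch (ProCurve syntax): drop the Trk interface, VLANs go directly on ports 23 and 24
no trunk 23-24
vlan 1
   untagged 23-24
   no untagged 5
   exit
vlan 10
   tagged 23-24
   untagged 5
   exit
vlan 102
   tagged 23-24
   exit
write memory

# FortiGate CLI: zone over the existing VLAN sub-interfaces of hardware switch "lan"
# (zone, interface and policy names below are assumed, adjust to your unit)
# "set intrazone deny" is the "Block intra-zone traffic" checkmark in the GUI
config system zone
    edit "vlan-zone"
        set intrazone deny
        set interface "vlan10" "vlan102"
    next
end
# Traffic between vlan-zone and "lan" is denied by default; this single policy
# allows it one way, without NAT, instead of one policy per VLAN interface
config firewall policy
    edit 0
        set name "vlan-zone-to-lan"
        set srcintf "vlan-zone"
        set dstintf "lan"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
end
```

Port 5 is the untagged VLAN 10 client port for the laptop test; the `no untagged 5` line under VLAN 1 makes explicit that a port can be untagged in only one VLAN.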