Sergey Ryzhkin, 2017-01-03 19:57:08
network hardware

How to configure Kerio on different VLANs?

Comrades, I need help setting up Kerio (or the L3 switch, because it's not clear what is configured incorrectly); I have run out of ideas and options.
There are L2 and L3 switches with the following settings:
L2 switch

HP-2530-48G-01# sh run

Running configuration:

hostname "HP-2530-48G-01"
time timezone 180
ip default-gateway 192.168.99.250
snmp-server community "public" unrestricted
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1-48
   untagged 49-52
   no ip address
   exit
vlan 99
   name "Management"
   untagged 47-48
   tagged 49
   ip address 192.168.99.10 255.255.255.0
   exit
vlan 102
   name "Users"
   untagged 1-30
   tagged 49
   no ip address
   exit
vlan 103
   name "Printers"
   untagged 31-46
   tagged 49
   no ip address
   exit
management-vlan 99
no tftp server
no dhcp config-file-update
no dhcp image-file-update
password manager

Switch L3
Aruba-2930F-48G-01# sh run

Running configuration:

hostname "Aruba-2930F-48G-01"
module 1 type jl260a
time timezone 180
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.1.1
snmp-server community "public" unrestricted
vlan 1
   name "DEFAULT_VLAN"
   no untagged 11-32,47-48
   untagged 1-10,33-46,49-52
   no ip address
   exit
vlan 99
   name "Management"
   untagged 47-48
   tagged 50-52
   ip address 192.168.99.250 255.255.255.0
   exit
vlan 101
   name "Servers"
   untagged 11-20
   tagged 50-52
   ip address 192.168.1.250 255.255.255.0
   exit
vlan 102
   name "Users"
   tagged 50-52
   ip address 192.168.2.250 255.255.255.0
   ip helper-address 192.168.1.2
   exit
vlan 103
   name "Printers"
   tagged 50-52
   ip address 192.168.3.250 255.255.255.0
   ip helper-address 192.168.1.2
   exit
management-vlan 99
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
device-profile name "default-ap-profile"
   cos 0
   exit
activate provision disable
password manager

There is a DHCP server with the address 192.168.1.2, which is in VLAN 101; it distributes addresses for all subnets according to this template:
address 192.168.*.0
mask 255.255.255.0
gateway 192.168.*.250

where * is 1, 2 or 3 depending on the VLAN.
There is also Kerio with the address 192.168.1.1 from VLAN 101 on the internal interface (without a gateway specified, because the gateway is specified on the external interface that receives the Internet from the provider), which distributes the Internet. On the L3 switch, a static route ip route 0.0.0.0 0.0.0.0 192.168.1.1 is added, and on Kerio itself 192.168.0.0 mask 255.255.0.0 gw 192.168.1.250.
With this scheme, devices in all VLANs see each other, i.e. routing between VLANs works, BUT only the first subnet, i.e. VLAN 101, has Internet. From the other two subnets the Kerio address 192.168.1.1 does not respond to ping, and therefore there is no Internet, while the neighboring address 1.2 does respond to ping and addresses are issued from it normally. Help me figure out where to dig!
In the NAT rules on Kerio, it seems that I also manually added the 2.0/24 network, but it still does not work.

1 answer(s)
Sergey Ryzhkin, 2017-01-04
@Franciz

The question is closed; I was not attentive and tied the route to the wrong interface.
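
The failure described in this thread, modelled as an added example (not code from the thread or from Kerio): a longest-prefix route lookup on the firewall that also checks whether each static route's gateway is on-link on the interface the route is bound to. The interface names, the external subnet 203.0.113.0/24 and the assumption that the route was bound to the external interface are constructed for illustration.

```python
import ipaddress

# Constructed model of the Kerio host. Interface names and the external
# subnet are assumptions; only 192.168.1.1/24 comes from the thread.
INTERFACES = {
    "Internal": ipaddress.ip_interface("192.168.1.1/24"),
    "External": ipaddress.ip_interface("203.0.113.10/24"),
}

def route(dest, gw, iface):
    return {"dest": ipaddress.ip_network(dest),
            "gw": ipaddress.ip_address(gw), "iface": iface}

DEFAULT = route("0.0.0.0/0", "203.0.113.1", "External")
# The return route from the thread, bound to the wrong and the right interface.
BROKEN = [DEFAULT, route("192.168.0.0/16", "192.168.1.250", "External")]
FIXED = [DEFAULT, route("192.168.0.0/16", "192.168.1.250", "Internal")]

def lookup(routes, target):
    """Longest-prefix match over connected networks and static routes."""
    target = ipaddress.ip_address(target)
    connected = [{"dest": i.network, "gw": None, "iface": name}
                 for name, i in INTERFACES.items()]
    matches = [r for r in connected + routes if target in r["dest"]]
    return max(matches, key=lambda r: r["dest"].prefixlen, default=None)

def reply_path(routes, client):
    """Return (ok, reason) for traffic the firewall sends back to client."""
    r = lookup(routes, client)
    if r is None:
        return False, "no route"
    if r["gw"] is None:
        return True, f"connected via {r['iface']}"
    # A next hop must sit inside the subnet of the interface the route uses.
    if r["gw"] not in INTERFACES[r["iface"]].network:
        return False, f"gateway {r['gw']} is not on-link on {r['iface']}"
    return True, f"via {r['gw']} on {r['iface']}"

if __name__ == "__main__":
    for name, table in (("broken", BROKEN), ("fixed", FIXED)):
        for client in ("192.168.1.2", "192.168.2.15", "192.168.3.20"):
            print(name, client, reply_path(table, client))
```

Hosts in 192.168.1.0/24 match the connected /24 before the /16 static route, which is why VLAN 101 kept working while the routed subnets got no replies.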
