Overview:
FortiSwitch Secure Access switches deliver a Secure, Simple, Scalable Ethernet solution with outstanding security, performance and manageability for threat conscious small to mid-sized businesses, distributed enterprises and branch offices. Tightly integrated into the FortiGate® Network Security Platform, the FortiSwitch Secure Access switches can be managed directly from the familiar FortiGate interface. This single pane of glass management provides complete visibility and control of all users and devices on the network, regardless of how they connect.
Security Fabric Integration
Reduces complexity and decreases management cost with network security functions managed through a single console via FortiGate.
This integration allows all users to be authenticated against the same user database, regardless of whether they connect to the wired or wireless network, including temporary guest users.
In addition, same security policy can apply to a user or device regardless of how or where they connect to the network.
Simplify Network Deployment
The Power over Ethernet (PoE) capability in some models, enables simple installation of wireless Access Points and IP phones in the network.
Highlights
- Secure Access switches suitable for wiringcloset and desktop installations
- Ideal for converged network environments; enabling voice, data and wireless traffic to be delivered across a single network
- Devices are identified and users authenticated prior to being granted access to the network
- Centralized security and access management from FortiGate interface
- Up to 48 ports in a compact 1 RU form factor
- Stackable up to 300 switches per FortiGate depending on model
- Supports Wire-speed switching and Store and Forward forwarding mode
Deployment:
FortiLink Mode
The FortiSwitch Secure Access Switch series integrates directly into the FortiGate* Connected UTM, with switch administration and access port security managed from the familiar FortiGate interface. Regardless of how users and devices connect to the network, you have complete visibility and control over your network security and access through this single pane of glass, perfectly suited to threatconscious organizations of any size.
Standalone Mode
Virtualization and cloud computing have created dense high-bandwidth Ethernet networking requirements in the data center, pushing the limits of existing data center switching. FortiSwitch Data Center switches meet these challenges by providing a high performance 10 or 40 GE capable switching platform, with a low Total Cost of Ownership. Ideal for Top of Rack server or firewall aggregation applications, as well as enterprise network core or distribution deployments, these switches are purpose-built to meet the needs of today’s bandwidth intensive environments.
Features:
|
FortiSwitch FortiLink Mode (With FortiGate) |
Auto Discovery of Multiple Switches |
Yes |
Number of Managed Switches per FortiGate |
8 to 300 Depending on FortiGate Model (Please refer to admin guide) |
FortiLink Stacking (Auto Inter-Switch Links) |
Yes |
Software Upgrade of Switches |
Yes |
Centralized VLAN Configuration |
Yes |
Switch POE Control |
Yes |
Link Aggregation Configuration |
Yes |
Spanning Tree |
Yes |
LLDP/MED |
Yes |
IGMP Snooping |
Yes (not supported on 1xxE-Series) |
L3 Routing and Services |
Yes (FortiGate) |
Policy-Based Routing |
Yes (FortiGate) |
Virtual Domain |
Yes (FortiGate) |
802.1x Authentication (Port-based, MAC-based, MAB) |
Yes |
Syslog Collection |
Yes |
DHCP Snooping |
Yes |
Device Detection |
Yes |
MAC Black/While Listing |
Yes (FortiGate) |
Policy Control of Users and Devices |
Yes (FortiGate) |
Firewall |
Yes (FortiGate) |
IPC, AV, Application Control, Botnet |
Yes (FortiGate) |
Support FortiLink FortiGate in HA Cluster |
Yes |
LAG support for FortiLink Connection |
Yes |
Active-Active Split LAG from FortiGate to FortiSwitches for Advanced Redundancy |
Yes (with FS-2xx, 4xx, 5xx) |
|
FortiSwitch Standalone Mode |
FortiSwitch 2XXE Series |
FortiSwitch 1XXE Series |
Jumbo Frames |
Yes |
Yes |
Yes |
Auto-negotiation for Port Speed and Duplex |
Yes |
Yes |
Yes |
IEEE 802.1D MAC Bridging/STP |
Yes |
Yes |
Yes |
IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) |
Yes |
Yes |
Yes |
IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) |
Yes |
Yes |
Yes |
STP Root Guard |
Yes |
Yes |
Yes |
STP BPDU Guard |
Yes |
Yes |
Yes |
Edge Port / Port Fast |
Yes |
Yes |
Yes |
IEEE 802.1Q VLAN Tagging |
Yes |
Yes |
Yes |
Private VLAN |
Yes |
Yes |
No |
IEEE 802.3ad Link Aggregation with LACP |
Yes |
Yes |
Yes |
Unicast/Multicast traffic balance over trunking port (dst-ip, dst-mac, src-dst-ip, src-dst-mac, src-ip, src-mac) |
Yes |
Yes |
Yes |
IEEE 802.1AX Link Aggregation |
Yes |
Yes |
Yes |
Spanning Tree Instances (MSTP/CST) |
15/1 |
15/1 |
15/1 |
IEEE 802.3x Flow Control and Back-pressure |
Yes |
Yes |
Yes |
IEEE 802.3 10Base-T |
Yes |
Yes |
Yes |
IEEE 802.3u 100Base-TX |
Yes |
Yes |
Yes |
IEEE 802.3z 1000Base-SX/LX |
Yes |
Yes |
Yes |
IEEE 802.3ab 1000Base-T |
Yes |
Yes |
Yes |
IEEE 802.3ae 10 Gigabit Ethernet |
4xx and 5xx Family |
FS-5xx Family |
N/A |
IEEE 802.3 CSMA/CD Access Method and Physical Layer Specifications |
Yes |
Yes |
Yes |
Storm Control |
Yes |
Yes |
Yes |
MAC, IP, Ethertype-based VLANs |
Yes |
Yes |
Yes |
Virtual-Wire |
Yes |
Yes |
No |
Split Port (QSFP+ breakout to 4xSFP+) |
FS-5xx Family |
N/A |
N/A |
Time-Domain Reflectcometry (TDR) Support |
Yes |
Yes |
No |
Static Routing (Hardware-based) |
Yes |
Yes |
N/A |
Routing Entries |
64 on FS-2xx, 4xx Family; 16K on FS-5xx Family |
64 |
N/A |
Host Entries |
4K on FS-2xx, 4xx Family; 24K on FS-5xx Family |
4K |
N/A |
Dynamic Routing Protocols** |
OSPFv2, RIPv2, VRRP; BGP, ISIS on FS-5xx |
OSPFv2, RIPv2, VRRP |
N/A |
Multicast Protocols |
PIM-SSM on FS-5xx |
N/A |
N/A |
ECMP |
FS-5xx Family |
No |
N/A |
Bidirectional Forwarding Detection (BFD) |
Yes |
Yes |
N/A |
DHCP Relay |
Yes |
Yes |
N/A |
IGMP Snooping |
Yes |
Yes |
No |
Port Mirroring |
Yes |
Yes |
Yes |
Admin Authentication Via RFC 2865 RADIUS |
Yes |
Yes |
Yes |
IEEE 802.1x authentication Port-based |
Yes |
Yes |
Yes |
IEEE 802.1x Authentication MAC-based |
Yes |
Yes |
Yes |
IEEE 802.1x Guest and Fallback VLAN |
Yes |
Yes |
Yes |
IEEE 802.1x MAC Access Bypass (MAB) |
Yes |
Yes |
Yes |
IEEE 802.1x Dynamic VLAN Assignment |
Yes |
Yes |
Yes |
Radius CoA (Change of Authority) |
Yes |
Yes |
No |
Radius Accounting |
Yes |
Yes |
No |
MAC-IP Binding |
5xx only |
No |
No |
sFlow |
Yes |
Yes |
No |
ACL |
1K entries on FS-5xx Family; 512 on FS-1xx, 2xx, 4xx Families |
512 Entries |
No |
IEEE 802.1ab Link Layer Discovery Protocol (LLDP) |
Yes |
Yes |
Yes |
IEEE 802.1ab LLDP-MED |
Yes |
Yes |
Yes |
DHCP-Snooping |
Yes |
Yes |
Yes |
Dynamic ARP Inspection |
Yes |
Yes |
No |
Sticky MAC and MAC Limit |
Yes (2xx, 4xx and 5xx) |
Yes |
Yes |
Multi-Chassis Link Aggregation (MCLAG) |
Yes (2xx, 4xx and 5xx) |
Yes |
N/A |
IEEE 802.1p Based Priority Queuing |
Yes (2xx, 4xx and 5xx) |
Yes |
No |
IP TOS/DSCP Based Priority Queuing |
Yes (2xx, 4xx and 5xx) |
Yes |
No |
IPv4 and IPv6 Management |
Yes |
Yes |
Yes |
Telnet / SSH |
Yes |
Yes |
Yes |
HTTP / HTTPS |
Yes |
Yes |
Yes |
SNMP v1/v2c/v3 |
Yes |
Yes |
Yes |
SNTP |
Yes |
Yes |
Yes |
Standard CLI and Web GUI Interface |
Yes |
Yes |
Yes |
Software download/upload: TFTP/FTP/GUI |
Yes |
Yes |
Yes |
Managed from FortiGate |
Yes |
Yes |
Yes |
Support for HTTP REST APIs for Configuration and Monitoring |
Yes |
Yes |
Yes |
RFC 2571 Architecture for Describing SNMP |
Yes |
Yes |
Yes |
DHCP Client |
Yes |
Yes |
Yes |
RFC 854 Telnet Server |
Yes |
Yes |
Yes |
RFC 2865 RADIUS |
Yes |
Yes |
Yes |
RFC 1643 Ethernet-like Interface MIB |
Yes |
Yes |
Yes |
RFC 1213 MIB-II |
Yes |
Yes |
Yes |
RFC 1354 IP Forwarding Table MIB |
Yes |
Yes |
Yes |
RFC 2572 SNMP Message Processing and Dispatching |
Yes |
Yes |
Yes |
RFC 1573 SNMP MIB II |
Yes |
Yes |
Yes |
RFC 1157 SNMPv1/v2c |
Yes |
Yes |
Yes |
RFC 2030 SNTP |
Yes |
Yes |
Yes |
* Supported on 2xx, 4xx and 5xx.
** Requires ‘Advanced Features’ License.