SecurityPlus
Contributor II

New To FortiSwitch

I'm completely new to the FortiSwitch. We manage FortiGates in the 50E to 100D range. We also manage some FAPs via the FortiGate units.

I like the concept concerning having the ability to manage the switch from the firewall interface. I also like the Cooperative Security Fabric features. Can someone give me some real world feedback concerning the FortiSwitch? Any advantages that I might easily overlook? Any disadvantages? Are there any particular models or firmware versions to seek out or to avoid? Any best practices concerning the FortiSwitches?

 

Thanks!

MikePruett
Valued Contributor

FortiSwitches still have a decent ways to go in order to be "reliable" in enterprise style environments (from my experience at least).

 

In SOHO or SMB deployments I have good luck with them. As long as you aren't stacking software switches in your FortiGate configuration to bond all the interfaces, things seem to work fairly well. Otherwise, the smaller Gates start eating themselves with overhead (software switches nuke performance).

Mike Pruett Fortinet GURU | Fortinet Training Videos
SecurityPlus

Thanks Mike! You mentioned software switches. Is there another way other than using "software switches" to stack FortiSwitches? In other words, is there a hardware stack configuration available?

 

If we were to try to deploy a 24 or 48 port FortiSwitch using just one subnet / VLAN, would this overwhelm a 60 - 100 series Gate if the network utilization without the FortiSwitch (using instead a Cisco, Dell, or HP switch) allowed the Gate to have sufficient performance?

SecurityPlus

Bump

MikePruett

SecurityPlus wrote:

Thanks Mike! You mentioned software switches. Is there another way other than using "software switches" to stack FortiSwitches? In other words, is there a hardware stack configuration available?

 

If we were to try to deploy a 24 or 48 port FortiSwitch using just one subnet / VLAN, would this overwhelm a 60 - 100 series Gate if the network utilization without the FortiSwitch (using instead a Cisco, Dell, or HP switch) allowed the Gate to have sufficient performance?

If they are all on the same VLAN etc. it should be ok. If you are tearing between multiple subnets or VLANs on a 60D or smaller unit it will puke all over itself performance wise.

Most people use software switches to bind multiple interfaces (WIFI and LAN) together. I use hardware switches when configuring the ports that will be responsible for handling the FortiLink connections though.

Mike Pruett Fortinet GURU | Fortinet Training Videos
SecurityPlus

Excellent Mike. Thanks so much! Just what I was hoping to learn.

 

I see that there are some "E" series switches out or coming out. Have you used any of the new model switches yet?

MikePruett

Negative. I haven't had the time to jump into the E-series yet. I still run mostly Cisco gear for core route and switch behaviors.

Mike Pruett Fortinet GURU | Fortinet Training Videos
SecurityPlus

Thanks. I tried to order a FortiSwitch FS-108E and was told that it might not be available until end of Oct. or early Nov.

Prab

Hi SecurityPlus,

 

I would start with a network concept or plan & discuss this with your Fortinet SE (system engineer) or partner. Different people will have different network setups and also finally different solutions as well as problems. From my experience, first try to figure out the network plan and then if possible try a POC. Marketing/Sales representatives will demonstrate a lot of cool features but in real life projects, you'll face the truth ;)

Also there are some network topologies that are not supported by the FortiGate & managed FortiSwitches.

Sometimes the Security Fabric is broken and does not show the complete fabric etc.

 

Software switches have limitations as far as I know:

http://kb.fortinet.com/kb/viewContent.do?externalId=FD31769

 

An aggregate interface might be an alternative to a software switch.

Some models of FortiGate units do not support aggregate interfaces.

 

Firmware version: Good practice is to read the release notes before trying a new firmware. At the moment I tested FortiOS 5.6.3 & FortiSwitchOS 3.6.3 and most things worked for me at least!

 

Models: Really depends upon your network setup.

 

Hope it helps.

Thanks,

Prab

SecurityPlus

Thanks Prab!