FortiQ
New Contributor

Vendor says...CORE CORE CORE switch - buy HP....?

250 users across 4 locations, a FortiGate 300D and various FortiSwitch 248D-POE and FPOE switches.

The network was never VLAN'd properly and was running on old cheap switches in the past.

The new vendor is saying a "core switch is needed" and it must be HP (they support and heavily push HP).

While they are also a Forti vendor, they say Fortinet has nothing that compares with an Aruba or similar core switch.

I would like to utilize the current Forti switches (new) and am unsure why a core switch would be so important.

I have not been provided any performance metrics or network data to suggest issues, aside from knowing it's one broadcast domain (working towards VLANs).

Unsure a core switch is needed at this stage... opinions/experiences?

emnoc
Esteemed Contributor III

Ask them why? Why do you need a new switch? What's driving the suggestion (port qty or lack of), EoL with whatever you have now, speed and types (1/10/40 gig), etc...

FWIW HP makes outstanding products, good reviews, good support, and feature rich. You can't go wrong buying HP.

PCNSE
NSE
StrongSwan
ede_pfau
Esteemed Contributor III

IMHO a full-featured 'core' switch is only needed if you need

- redundancy, that is, stacked switches (similar to a FGT HA cluster)
- routing protocols (IS-IS, BGP, OSPF, ...), which would mostly refer to a WAN switch
- 10/25/40/50/100G interfaces for fiber lines

If you plan to segment your LAN into VLANs, the FGT will do the routing (AFAIK the FS are Layer 2 only), which shouldn't be a problem.

What exactly in your surroundings can an HP switch achieve that a FortiSwitch cannot? On the contrary, you can see a FS as an extension of the FGT, thereby pushing your security policies right up to the access port. A switch from a different vendor is not integrated into the Security Fabric (policies, logging, reporting), cannot be managed from a single pane of glass, and is not a security device. You will need additional training, and use different paths to service and support.

It sounds to me they distrust the FS. You can judge the reliability and feature set of the FS by your own experience.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Bruno_Pereira

Hello,

I have HPE 5900 in IRF, working with two 600D FortiGates in HA and doing Layer 3. I am satisfied with performance and stability. PS: I have 1700 users.

ede_pfau
Esteemed Contributor III

I have worked with and know the A5900 (ComOS). Very decent and nice hardware.

But in this case quite an overkill.

To test: which device is doing the routing at the moment? If it's the FGT, you already have the answer whether it would be sufficiently powerful to handle your traffic.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
ZeroInterrupt

How many total switches?
Do they all come back to one switch?
Are you daisy-chaining?
What type of traffic on your LAN?
Is port security a concern?
What switch are they recommending from HP?

We moved to the Security Fabric about a year ago from an HP chassis (5408). There are benefits to both.

Fortinet recommended that we upgrade our current FortiGate to use the Security Fabric with our user count; we also purchased 448 switches. Migration was OK, no big issues there. Created the VLANs on the FortiGate and applied the VLANs to the ports. At this point the policy count went through the roof, as we did not want all the VLANs talking to each other when they did not need to.

Found that when doing FortiGate updates we lost all inter-VLAN traffic; switch updates take quite a while. Not that big of a deal for me, I can schedule them after hours, but for a shop that cannot have much downtime this might be an issue.

We do very large file transfers, and the thing that was immediately noticed was that when multiple users pull large files it was slower than the old switch. I initially chalked this up to the Security Fabric doing its job but later found that the possible culprit was the switch capacity.

We may be abandoning the Security Fabric only because of renewals on the much overspec'd firewall (the new firewall was Fortinet recommended). It alone cost more than the 5400; HP has the lifetime with no renewals.

I do like the fact that my main (core) switch is separate from the FortiGate, so in case something happens to the FortiGate I can still work internally, but on the flip side I did like the single point of management. I just don't know if it's worth it.

If you have that many users I would suggest a switch that all other switches come back to (this could be what they mean when talking about a 'core') and enough capacity to handle all the traffic from the edge switches.
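The VLAN-on-the-FortiGate model ede_pfau describes above (FortiSwitch forwarding at Layer 2, the FortiGate routing between VLAN interfaces) and the policy-count explosion ZeroInterrupt ran into come down to the same mechanism: every permitted inter-VLAN flow is one explicit firewall policy, and everything else falls through to the FortiGate's implicit deny. The script below is an added example, not code from this thread or from Fortinet. It turns a constructed allow-list into FortiOS CLI policy stanzas and counts how many VLAN pairs the implicit deny will handle, which is the number that grows quickly as VLANs are added. The VLAN names, interface names and flows are assumptions; only the FortiOS CLI keywords and the built-in service objects (HTTPS, SMB, PING) are real.

```python
"""
Generate FortiOS inter-VLAN firewall policies from an explicit allow-list.

Added example (not from the forum thread). All VLAN names, interface names
and flows below are constructed; only the FortiOS CLI keywords
(config firewall policy / srcintf / dstintf / ...) and the built-in
service objects are real.
"""
from itertools import permutations

# Constructed VLAN plan: logical name -> FortiGate VLAN interface. These are
# assumed to be VLAN sub-interfaces of the FortiLink interface, so the
# FortiGate routes between them while the FortiSwitch stays at Layer 2.
VLANS = {
    "users": "vlan10-users",
    "servers": "vlan20-servers",
    "printers": "vlan30-printers",
    "voip": "vlan40-voip",
}

# Constructed allow-list: (source VLAN, destination VLAN, FortiOS service objects).
# HTTPS, SMB and PING are built-in FortiOS service names; the flows are made up.
ALLOWED_FLOWS = [
    ("users", "servers", ["HTTPS", "SMB"]),
    ("users", "printers", ["PING"]),
    ("servers", "printers", ["PING"]),
    ("voip", "servers", ["HTTPS"]),
]


def build_policies(vlans, flows):
    """Turn the allow-list into policy dicts, rejecting flows that reference
    unknown VLANs or a VLAN talking to itself (intra-VLAN traffic is switched
    at Layer 2 and never reaches the FortiGate, so no policy applies)."""
    policies = []
    for src, dst, services in flows:
        if src == dst:
            raise ValueError(f"intra-VLAN flow {src}->{dst} needs no policy")
        if src not in vlans or dst not in vlans:
            raise KeyError(f"unknown VLAN in flow {src}->{dst}")
        policies.append({
            "name": f"{src}-to-{dst}",
            "srcintf": vlans[src],
            "dstintf": vlans[dst],
            "services": list(services),
        })
    return policies


def render_fortios(policies):
    """Render policies as a FortiOS CLI block. 'edit 0' lets FortiOS assign
    the next free policy ID; anything not matched by these accept policies
    hits the implicit deny at the bottom of the policy table."""
    lines = ["config firewall policy"]
    for p in policies:
        lines += [
            "    edit 0",
            f'        set name "{p["name"]}"',
            f'        set srcintf "{p["srcintf"]}"',
            f'        set dstintf "{p["dstintf"]}"',
            '        set srcaddr "all"',
            '        set dstaddr "all"',
            "        set action accept",
            '        set schedule "always"',
            "        set service " + " ".join(f'"{s}"' for s in p["services"]),
            "        set logtraffic all",
            "    next",
        ]
    lines.append("end")
    return "\n".join(lines)


def coverage_report(vlans, flows):
    """Compare the ordered VLAN pairs the allow-list permits against all
    possible pairs; the remainder is what the implicit deny blocks."""
    allowed = {(src, dst) for src, dst, _ in flows}
    all_pairs = set(permutations(vlans, 2))
    return {
        "possible_pairs": len(all_pairs),
        "explicit_policies": len(allowed),
        "implicitly_denied_pairs": len(all_pairs - allowed),
    }


if __name__ == "__main__":
    pols = build_policies(VLANS, ALLOWED_FLOWS)
    print(render_fortios(pols))
    print(coverage_report(VLANS, ALLOWED_FLOWS))
```

With four VLANs there are already 12 ordered pairs to account for; each VLAN added to the plan adds two pairs per existing VLAN, which is why an explicit allow-list between VLANs grows so fast and why an allow-list kept as data (as here) is easier to review than policies edited by hand in the GUI.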