Fortinet FortiSwitch - Secure Simple Scalable

There are several challenges at the access layer today. On one hand, the number of devices keeps growing. On the other hand, threats are increasingly complex and breaches more common. In addition, IT management is complex, and personnel are scarce and expensive. As a result, legacy Ethernet LANs are at capacity, standard network designs have to add a new security layer, and the complexity increases the time to resolve issues. Fortinet FortiSwitch helps us deploy and manage a secure, simple, scalable model for Ethernet access.

Most network administrators want to manage the whole network easily. They have lots of switches to manage and they also want visibility into what just happened. This is really difficult to achieve with the CLI; instead, we should use a network controller with a GUI, like FortiGate. Thanks to FortiLink, we can manage Fortinet switches and Fortinet access points centrally from a single web interface. What’s more, FortiLink works at layer 2 and also at layer 3, which means we can manage FortiSwitches from the FortiGate controller when they are in the same network (L2) but also when they need routing (L3) to reach each other.

FortiSwitch Deployment Options

There are lots of topologies we can deploy with FortiSwitches. We can deploy a basic one with a single FortiSwitch or a much more complex topology with MCLAG pairs and a FortiGate HA Active/Passive cluster. When we deploy a FortiGate HA pair and multiple switches in a star topology, we can configure an active FortiLink and also a standby FortiLink for redundancy. However, if we deploy a ring topology, we can easily see from the Security Fabric which inter-switch link (ISL) is in the STP discarding state.

FGT HA A/P with Two 1st-tier MCLAG Pairs

Security-Driven Networking enables a convergence of security and network access and thus extends security to the access layer. For instance, switches and APs can automatically quarantine a malicious device at the access layer to minimize attacks. We can also configure micro-segmentation to keep attacks from spreading over the LAN. Dynamic VLAN assignment and 802.1x policies are two more really useful security features that can be applied to FortiSwitches from FortiGate.

FGT NAC Policy

Managing switches and APs from FortiGate is great, but when we have a lot of devices to manage, we need something else. FortiManager helps us in large-scale deployments because we can easily assign templates and authorize, restart and upgrade all managed switches. In addition, we can assign VLANs and port properties such as 802.1x policy, PoE, DHCP Snooping, STP properties, IGMP Snooping, etc. Therefore, FortiManager is the best solution for large deployments.

FortiSwitch Manager Module - Managed Switches

To sum up, network administrators are scarce and expensive, and most of them have lots of tasks to do daily. They want an easy way to manage all access devices from a single web page. In addition, security is already a must in the company. From my point of view, FortiSwitch is a good solution for all of them.

Regards, my friends! How are you managing your switches?