Fortinet
October 13, 2023

Comparing FortiSwitch Management Options

Jon Kraft
Founder & Security Architect - FCX #3408

You may not think of Enterprise Networking when you hear Fortinet. This is understandable as Fortinet’s flagship product is a security appliance. However, Fortinet offers a full portfolio of Ethernet switches that can scale from 8 ports of 1GE Base-T to 32 ports of 100GE QSFP28. FortiSwitches are popular for branch office, SMB, and OT deployments but also fit well into complex campus networks and data centers. This blog will not discuss FortiSwitch topology and architecture though. Rather, I am going to introduce the various management options that exist for FortiSwitches.

Management Option 1 – Standalone

The first management option is one you likely are already familiar with, independent management through the FortiSwitch’s local CLI or GUI. After all, network engineers have been successfully managing network infrastructure this way for decades. For me, there is nostalgia in managing switches independently, but I understand there are major operational benefits to centralized management. More on that to come. For now, let’s talk about the FortiSwitch CLI and GUI.

The FortiSwitch OS CLI structure is quite different than the ubiquitous command structures we find with other switch vendors such as Cisco, Arista, Aruba, etc. You may not immediately feel comfortable if you haven’t worked with other Fortinet shells before, but once you get the hang of it, the commands are quite intuitive. Additionally, Fortinet publishes a FortiSwitchOS CLI Reference Guide that can help navigate the CLI hierarchy.

The FortiSwitch GUI, on the other hand, is very intuitive and any network engineer should feel comfortable configuring the devices through this method. However, many advanced configuration components are only available in the CLI. So, depending on the complexity of your FortiSwitch deployment, you may still find yourself diving into the CLI for certain aspects of the configuration.

Standalone management of FortiSwitches may be a good option for small networks that do not have a FortiGate to act as the switch controller. However, configuring each switch independently can lead to human error as there is no single source of truth and each switch must be configured any time a network modification is needed.

For more consistent configuration and better visibility into the switched network, one of the following managed FortiSwitch options should be considered. 

Management Option 2 – FortiGate

The most popular method for managing FortiSwitches is undoubtedly using the FortiGate Switch Controller. As you may have imagined, the FortiGate Switch Controller is built into the FortiGate which enables single pane of glass management of both your firewall and switches (and APs). FortiGate manages FortiSwitches using a proprietary protocol called FortiLink. You can think of FortiLink as a tunneling protocol for both management and data traffic.

The FortiGate Switch Controller is very simple to use. It brings with it deep visibility into the devices on your network and enhances security with built-in NAC features that allow you to dynamically profile devices and place them on the appropriate VLANs.

I typically recommend Fortinet customers manage their FortiSwitches through FortiGate. The convenience of integrating the two devices into the Security Fabric is hard to beat. Tasks that typically would require accessing the terminal of multiple standalone network devices can be completed through a single unified dashboard which simplifies network operations and saves an organization valuable time.

Bonus Note – FortiManager and FortiGate Cloud can also manage FortiSwitches if the FortiSwitch is managed by an onboarded FortiGate. This allows for separate FortiGate/FortiSwitch environments to be centrally managed.

Management Option 3 – FortiLAN Cloud

The third management option is Fortinet’s cloud-delivered network management solution, FortiLAN Cloud. FortiLAN Cloud is a subscription-based, cloud-hosted solution. This means that FortiLAN Cloud does not require any on-premises controller and is available anywhere you have internet access.

Like the previously mentioned FortiSwitch management option, FortiLAN Cloud is designed to be simple to use yet include all of the knobs an enterprise may need to turn to customize their deployment. FortiLAN Cloud also includes troubleshooting tools, monitoring dashboards, and built-in reports that can help an organization identify performance issues. If you are an MSP, FortiLAN Cloud supports multi-tenancy so you can keep your clients separated. Additionally, FortiLAN Cloud allows you to integrate with third-party IDPs using SAML 2.0.

Management Option 4 – FortiSwitch Manager

FortiSwitch Manager looks and feels very similar to the FortiGate Switch Controller with one key difference; it does not require a FortiGate firewall. Instead, FortiSwitch Manager is sold as a subscription and delivered as a virtual machine that can be deployed in a supported hypervisor of your choice. You can think of FortiSwitch Manager as the FortiGate Switch Controller extracted and placed into its own appliance. Both solutions have a very similar look and feel.

FortiSwitch Manager is designed for scale and can manage up to 2500 FortiSwitches. It can also easily manage FortiSwitches across Layer 3 boundaries which makes it perfect for distributed enterprises that want central management of their switching environment. Additionally, FortiSwitch Manager does not require FortiGate so it removes the dependency of a single firewall platform and provides more vendor flexibility.

As I mentioned, FortiSwitch Manager and FortiLink management share many similarities but there are some key differences I want to highlight:

  • FortiSwitch Manager will not provide the same deep visibility into your network as FortiLink does. It only focuses on management plane operations.
  • FortiSwitch Manager does not include any built-in NAC capabilities.
  • FortiSwitch Manager does allow for Layer 3 routing on FortiSwitches.

I hope this helps demystify the various options that exist for FortiSwitch management. Ultimately, the best option for your organization will depend on your specific requirements. If you would like a more detailed look into FortiSwitch, please contact Trustlink Technologies at info@trustlink.tech.

 

 
