© Copyright Fortinet Inc. All rights reserved. Secure Access FortiSwitch Product Overview Secure Wireless and Access Technologies August 2016
Agenda
§ Driving Toward a Secure Access Layer
§ FortiSwitch Product Family
§ Management and Features
§ Use Cases
§ Roadmap
Driving Toward A Secure Access Layer
Combine Security and Access for a Seamless Unified Experience
Security (NGFW/UTM)
Access (Enterprise)
Need More Speed Migration to 802.11ac
Device Growth
Seamless Unified Experience
Application Growth
Move to wireless Including IoT
Unified Network Operations
Secure Access Architecture (Integrated Security)
• The network edge provides the most challenging threat surface.
• Requirements of the access layer have increased.
• In the past 18 months, FortiSwitch joined with a strategic acquisition of wireless technology to create Secure Access.
Access Trends
Expectations
• Secure Unified Access
• Unified Policy and Enforcement
• Consistent User experience
• Simplified management that provides actionable information
Continuing proliferation of network enabled devices. How do you secure the internet of things?
Secure Access Product Portfolio
FortiPresence FortiAuthenticator
FortiManager FortiWLM
FortiClient FortiWiFi
Fortinet Controllers
FortiAP
FortiExtender
FortiSwitch (POE)
SECURE ACCESS PORTFOLIO
Development and Innovation Focused On End to End Secure Access Growing Natively Out of the Security Fabric
Network Secure LAN Access
Secure WLAN Access
Secure Cloud
Secure Devices
Sandboxing Policy
Email Security
Web Security
Strategic Expansion of a Secure Access Layer
§ Experiencing exponential growth in Enterprise switching
  » Over 100% growth yoy in switching sales.
  » Current sales in the last two quarters combined exceed total sales for the previous year
FortiSwitch development began over 4 years ago with a focus on creating a secure, scalable, high performance access layer.
[Chart: FortiSwitch, 2012 through 2016 to date]
Common Access Experience For Users Simplified Management Process for Administrators
• Consistent user experience
• Consistent policies: for access, security, and applications.
• Support for multiple devices in the enterprise
  o Wireless: Smartphones, tablets, mobile POS, IOT
  o Wired: Desktops, terminals, printers, phones, servers
• Network Management: Wired, wireless and security management possible through a single pane of glass
• Control: Switches, Access Points, Security Appliances
• Performance: Speed, Low Latency, Fast Roaming
Wired
Wireless
VPN
Single Pane of Glass (Management)
Single point of Security Updates
Single Network Operating System
Single point of Authentication and SSO
The FortiSwitch Product Family
Introducing FortiSwitch
• Broad portfolio of Stackable Secure Access Switches
• 1GbE, 10GbE and 40GbE capable
• Flexibility to grow as needed.
• Suitable for desktop, wiring closet, and top of rack
• Simplified management and ease of deployment through the FortiGate.
• Ideal for Converged “Integrated” deployments.
• Enable voice, data, and wireless traffic to be delivered across a single network.
• Provide power and policy enforcement.
FortiSwitch Access Switch Family
Entry: 100 Series
• List Price Range: $495-$795
• Entry Level Switch
• 8 to 24 gigabit Ethernet ports, POE Capable
• Desktop to wiring closet.
• 100 Series offers 2 SFP gigabit Ethernet uplink ports
Mid Range: 200 Series
• List Price Range: $1300-$2000
• Mid level Switch
• 24 to 48 gigabit Ethernet ports, POE+ Capable
• Typical wiring closet switch
• 200 series offers 4 SFP gigabit Ethernet uplink ports
Premium: 400 Series
• List Price Range: $1100-$4000
• Enterprise Switch
• 24 to 48 gigabit Ethernet ports, POE+ Capable
• Larger wiring closet or high throughput requirements.
• 400 Series offers up to 4 SFP 10 gigabit Ethernet uplinks
Aggregation: 500 Series
• List Price Range: $3000-$4500
• Aggregation Switch
• 24 to 48 gigabit Ethernet ports, POE+ Capable
• 500 Series offers 4 x 10 gigabit SFP and 2 x 40 gigabit SFP Ethernet uplinks
FortiSwitch Top of Rack Switch Family
1000 Series
• List Price Range: $11,995 - $14,995
• Data Center Aggregation Switch
• 24 and 48 10 Gigabit Ethernet SFP ports
• 1000 Series offers up to four 40 Gigabit Ethernet QSFP+ uplink ports
• Dual hot swappable power supplies
3000 Series
• List Price: $17,995
• Data Center Switch
• 3000 series offers 32 x 40 Gigabit Ethernet QSFP+ ports
• Dual hot swappable power supplies
FortiSwitch Transceivers
§ Copper and Optical Options
§ Supports SFP, SFP+, QSFP+, DAC and CFP2 slots
§ Performance from 1 Gbps to 100 Gbps
Management and Features
FortiSwitch Management Through FortiLink
Single Pane of Management for Managed Switches
Switch Management
• Auto Discovery
• Utilizes FortiLink protocol for secure management.
• Visibility into port speed/status
• Centrally manage segmentation.
• Apply security policy.
• Authenticate clients centrally via 802.1x or captive portal
Controlling FortiSwitch with FortiGate
1. Configure FGT interface for FortiLink
2. Connect FSWs
Single Pane of Glass Management Security Wireless Switching
FortiLink Stacking
High Port Density with Ease of Management
§ Single IP for Management through FortiGate
§ One FortiLink Stack Configuration will support up to 16 FortiSwitches
  » Port Density from 8 to 768 ports with a stack of 16 FortiSwitches
  » Any combination of Gig or 10G Switches
FGT is single IP for management
STP is running in the FortiLink and Interswitch Links
Each FSW is a separate unit
Each inter-switch link is formed automatically
Ready to apply FortiGate Top Class Security
Device Detection – Per Port Device Visibility
Use Cases
Secure Access Switching Use-cases: Retail
• Ease of deployment at high scale
• POE+ connectivity
• Easily adapt to new retail technology
Simplicity Visibility Compliance
Secure Access Switching Use-case: Branch
§ POE+ to power infrastructure, phones, and IOT devices
§ Device identification and user/device policy enforcement
§ Centralized network infrastructure and security management
Securely Enable Services Required for Branch Deployments
Secure Access Switching Use-case: Enterprise
§ Ease of deployment
§ FortiLink high bandwidth switch stacking provides flexibility to grow as needed.
§ Security Services including device identification and policy enforcement
Enterprise
Allows For Growth, Maintains Ease of Use and Security
10Gig
1Gig
10Gig
Roadmap
Software Roadmap
Q1/16 Q2/16 Q3/16 Q4/16
FSW 3.4.0
• MAC/IP/Protocol Based VLAN Assignment
• User based (802.1x) VLAN Assignment
• Static L3 Routing (Hardware) on 100, 200 and 400 Series *
• ACL redirect to mirror destination as trunk/LAG
• MAC-IP Binding on 500 Series
• Virtual Wire
• Support for HTTP REST APIs for Configuration and Monitoring
FSW 3.6.0
• DHCP Snooping
• L3: DHCP Relay
• QoS: 802.1p Support
• LLDP-MED
• 802.1x Enhancements (incl. MAC Authentication Bypass)
• SNMP enhancements
• IGMP-snooping
FSW 3.5.0
• Dynamic ARP Inspection
• MLAG
• Dynamic L3 Protocols
FSW 3.4.2
• FortiLink on more FortiGate Models
• FortiLink Stacking
• Per-port Device Visibility
• Spanning Tree on FortiSwitch ports
• Link Aggregation FortiSwitch ports
• Storm Control Support
• FortiSwitch ‘log’ export to FortiGate
• Trusted/Untrusted Ports support (for DHCP)
• Port Statistics Display
• MLAG
• L3 discovery
• HA active-active (FOS 5.6.0)
• LLDP (FOS 5.4.2)
• Support RMA (FOS 5.4.2)
• IGMP snooping config (5.4.2)
• Redundant Uplinks (5.6.0)
• 802.1x enhancements/MAB (5.6.0)
• Security Features (5.6.0)
Standalone FortiLink (needs FOS)
Additional Resources
§ Datasheet: https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiSwitch_D_Series.pdf
§ Main Product Page: https://www.fortinet.com/products-services/products/switches/secure-access-switches-fortiswitch.html
§ Product Matrix: https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/Fortinet_Product_Matrix.pdf
FortiLink Supported Topologies For Reference
FortiLink-LAG (Link Aggregation)
FGT
FSW
• A port can be member of multiple vlans (native-vlan + number of allowed-vlans)
Interface type = ‘aggregate’ With one or more members
FortiGate and Multiple Switches (Star)
FGT
FSW
Interface type = ‘physical’ or ‘aggregate’
• A port can be member of multiple vlans (native-vlan + number of allowed-vlans)
ISL InterSwitchLink
FortiGate and Multiple Switches (Ring)
FGT
FSW-1
FSW-N
FSW-2
Devices on ‘FortiLink’ setup – APs, Servers, PC, IP-Phones, IP cameras (any IP device!)
• Unified view of all FSWs
Active FortiLink
Standby FortiLink
FSW connected in ‘Ring’ to provide redundancy
ISL InterSwitchLink
• Interface type ‘physical’ or ‘aggregate’
• Only ‘aggregate’ type can support “Standby FortiLink” – Max 2 physical members
FortiGate and Multiple FSWs (on hw-switch/sw-switch interface)
FGT
FSWs
Interface type = ‘hw-switch’ or ‘sw-switch’
• A port can be member of multiple vlans (native-vlan + number of allowed-vlans)
• Device outside of FortiLink can L2 communicate with FSW Ports
• Device needs to support 802.1q tagging
FGT HA Pair and Multiple Switches (Ring)
HA Link FGT-1 FGT-2 (HA-Peer)
FSW-1
FSW-N
FSW-2
Devices on ‘FortiLink’ setup – APs, Servers, PC, IP-Phones, IP cameras (any IP device!)
• Unified view of all FSWs
Active FortiLink
Standby FortiLink
FSW connected in ‘Ring’ to provide redundancy
FGT
FortiLinks
ISL
FSW
Failover Protection @
With Ease of Management and
Features
ISL InterSwitchLink
Enterprise/Office Closet
FGT HA Pair and Multiple Switches (Star)
FGT-Master
FSW
Interface type = ‘physical’ or ‘aggregate’
• A port can be member of multiple vlans (native-vlan + number of allowed-vlans)
ISL InterSwitchLink
FGT-Slave
Active FortiLink
Standby FortiLink