Tech Corner

Fortinet FortiSwitch Overview and Comparison With Cisco 2960X

The world is rapidly changing. The demands of everywhere mobility, evolving IoT, cloud adoption, and rapidly advancing security threats make IT managers rethink how their networks are designed and implemented. Much like IT managers having to rethink their networks, OEMs are doing their part to bring new solutions to the table. We've put two OEMs up against another  – a long-time leader in the switching space and an innovative partner introducing their network switches.

Most corporate networks maintain a mixture of wired and wireless technologies, including Ethernet switching as part of the wired infrastructure. Many devices can connect to a network using an Ethernet switch, and administrators can monitor traffic, control communications among machines, securely manage user access, and rapidly troubleshoot.

Today will focus on Fortinet's FortiSwitch, which delivers outstanding security, performance, and manageability. It's secure, simple, and scalable. We compare the threat-conscious FortiSwitch to the well-known 2960X from Cisco. If you haven't heard, there is big news with the 2960X coming up.

Fortinet Secure Ethernet Switching Overview

Fortinet's FortiSwitches help you adapt to the fast-changing digital landscape while protecting your network from security attacks. When new technologies, applications, and devices emerge, your network will be ready to handle these changes. FortiSwitch offers several benefits related to security, mobility, IoT, and the cloud. Rather than asking how to secure traditional Ethernet LANs, Fortinet takes a security-driven networking strategy offering Ethernet an expansion of the security infrastructure through FortiSwitch and FortiLink.

Moreover, in the most up-to-date release of FortiOS 6.4, base NAC functionality is covered with no extra licensing. FortiSwitch is ideal for Secure SD-Branch and applications ranging from desktop to data center.

We can integrate FortiSwitch with Fortinet Security Fabric via FortiLink, then FortiSwitch can be directly managed from the FortiGate interface. This single-point management provides comprehensive visibility and administration of users and devices on the network despite its connection. This management option makes the FortiSwitch ideal for SD-Branch deployments with applications that range from desktop to data center aggregation, allowing businesses to converge their security and network access.

Highlights of FortiSwitch

  • Designed for campus edge and core network.
  • Ideal solution for software-defined branch (SD-Branch) deployments.
  • Offers up to 48 ports in a compact 1 RU form factor.
  • Stackable up to 300 switches per FortiGate.
  • Centralized security and access administration from FortiGate interfaces with FortiLink.
  • Optimal for converged network environments, allowing voice, data, and wireless traffic delivered across a single network.
  • Supports non-FortiLink deployments via command-line configuration, onboard GUI, or API.
  • Supports Wire-speed switching and Store and Forward forwarding mode.

FortiSwitch Use Cases in Ethernet Networking

FortiSwitch can use any network like Campus, Branch, Healthcare, and Manufacturing. 

Fortinet FortiSwitch use cases such as campus, healthcare, and manufacturing 

Model Breakdown

Entry 100 Series Mid-Range 200 Series Premium 400 Series Aggregation 500 Series

Entry-level switch

Mid-level switch

Enterprise switch

Aggregation switch

8-48 GE ports

PoE+ capable

24-48 GE ports

PoE+ capable

24-48 GE ports

PoE+ capable

24-48 GE ports

PoE+ capable

Desktop to the wiring closet

Typical wiring closet switch

Larger wiring closet or high throughput requirements

Larger wiring closet or high throughput requirements

2-4 GE SFP uplink ports

4 GE SFP uplink ports

4x 10 GE SFP+ uplink ports

4x 10 GE SFP+ and 2x 40 GE QSFP uplink ports

4x 10GE SFP+ uplink ports

 

 

 

 

FortiSwitch Software Features

Feature

Details

Management and Configuration

FortiSwitch FortiLink Mode (with FortiGate)

Auto Discovery of Multiple Switches

Yes

Number of Managed Switches per FortiGate

8 to 300 depending on FortiGate model

FortiLink Stacking (Auto Inter-Switch Links)

Yes

Software Upgrade of Switches

Yes

Centralized VLAN Configuration

Yes

Switch POE Control

Yes

Link Aggregation Configuration

Yes

Spanning Tree

Yes

LLDP/MED

Yes

IGMP Snooping

Yes

L3 Routing and Services

Yes (FortiGate)

Policy-Based Routing

Yes (FortiGate)

Virtual Domain

Yes (FortiGate)

802.1x Authentication (Port-based, MAC-based, MAB)

Yes

Syslog Collection

Yes

DHCP Snooping

Yes

Device Detection

Yes

MAC Black/While Listing

Yes (FortiGate)

Policy Control of Users and Devices

Yes (FortiGate)

Block Intra-VLAN Traffic

Yes

Firewall

Yes (FortiGate)

IPC, AV, Application Control, Botnet

Yes (FortiGate)

Support FortiLink FortiGate in HA Cluster

Yes

LAG support for FortiLink Connection

Yes

Active-Active Split LAG from FortiGate to FortiSwitches for Advanced Redundancy

Yes (with FS-2xx, 4xx, 5xx)

 

Management and Deployment

Fortinet's Ethernet switches can manage standalone or integrate directly into the Fortinet Security Fabric via the FortiLink protocol. FortiLink is an innovative proprietary management protocol that allows the FortiGate Next-Generation Firewall to manage any FortiSwitch.

FortiLink enables the FortiSwitch to become a logical extension of the FortiGate, integrating it directly into the Fortinet Security Fabric. FortiLink integration enables centralized policy management, including role-based access and control, making it easy to implement and manage. This control and manageability make FortiSwitch ideal for SD-Branch deployments. Finally, FortiLink enables stacking of up to 300 switches per FortiGate, depending on the model.

The below table shows different types of management options to manage FortiSwitch.

Fortinet FortiSwitch management options

Model Comparison Between FortiSwitch 124F and Cisco 2960X

Feature

FortiSwitch 124F

Cisco Catalyst 2960X-24TS-L

FortiSwitch 124F-FPOE

Cisco Catalyst 2960X-24PS-L

Hardware Specifications

Total Network Interfaces

24x GE RJ45 and   4x 10GE SFP+

24x GE RJ45 and 4x 1GE SFP

24x GE RJ45 and 4x 10GE SFP+

24x GE RJ45 and 4x 1GE SFP

Form Factor

1 RU Rack Mount

1 RU Rack Mount

1 RU Rack Mount

1 RU Rack Mount

Power over Ethernet (PoE) Ports

-

 -

24 (802.3af/at)

24 (802.3af/at)

PoE Power Budget

-

 -

370 W

370 W

System Specifications

Switching Capacity

128 Gbps

216 Gbps

128 Gbps

216 Gbps

Packets Per Second

190 Mpps

71.4 Mpps

190 Mpps

71.4 Mpps

MAC Address Storage

32 K

16 K

32 K

16 K

Buffers Size

2 MB

4 MB

2 MB

4 MB

DRAM

512 MB

512 MB

512 MB DDR3

512 MB

FLASH

64 MB

128 MB

64 MB

128 MB

 

Fortiswitch 124F, is offering 4 x 10G SFP+ uplinks, which is a significant advantage to connect with a 10G distribution. Also, the forwarding rate is much higher compared to Cisco's 2960X. Though Cisco has more switching capacity and buffer size, it doesn't have any 10G uplink in the Catalyst 2960X-24TS-L or 2960X-24PS-L. Fortinet uses only one OS across the whole platform, whereas Cisco uses three OS and licensing models for the 2960X.

Looking Ahead for Your Network

Cisco has announced the end of sale and end of life for the 2960X on 31 October 2021. However, despite this news, the 2960X is the perfect switch to make use of OneCall. To learn more about our maintenance offering click here.

If you don’t want to change your network to an infrastructure that is still supported by Cisco, we can provide the maintenance for you, even when an end of sale or end of life occurs. Reach out to us for assistance regarding OneCall.

Chat with the OneCall Team

However, if you want to upgrade, we encourage you read through our blog post comparing the Cisco Catalyst 2960-XR and 3850 switches.

No Comments Yet

Let us know what you think

Subscribe by email