The world is rapidly changing. The demands of everywhere mobility, evolving IoT, cloud adoption, and rapidly advancing security threats make IT managers rethink how their networks are designed and implemented. Much like IT managers having to rethink their networks, OEMs are doing their part to bring new solutions to the table. We've put two OEMs up against another – a long-time leader in the switching space and an innovative partner introducing their network switches.
Most corporate networks maintain a mixture of wired and wireless technologies, including Ethernet switching as part of the wired infrastructure. Many devices can connect to a network using an Ethernet switch, and administrators can monitor traffic, control communications among machines, securely manage user access, and rapidly troubleshoot.
Download the guide and refer back to it at any time!
Today will focus on Fortinet's FortiSwitch, which delivers outstanding security, performance, and manageability. It's secure, simple, and scalable. We compare the threat-conscious FortiSwitch to the well-known 2960X from Cisco. If you haven't heard, there is big news with the 2960X coming up.
Fortinet's FortiSwitches help you adapt to the fast-changing digital landscape while protecting your network from security attacks. When new technologies, applications, and devices emerge, your network will be ready to handle these changes. FortiSwitch offers several benefits related to security, mobility, IoT, and the cloud. Rather than asking how to secure traditional Ethernet LANs, Fortinet takes a security-driven networking strategy offering Ethernet an expansion of the security infrastructure through FortiSwitch and FortiLink.
Moreover, in the most up-to-date release of FortiOS 6.4, base NAC functionality is covered with no extra licensing. FortiSwitch is ideal for Secure SD-Branch and applications ranging from desktop to data center.
We can integrate FortiSwitch with Fortinet Security Fabric via FortiLink, then FortiSwitch can be directly managed from the FortiGate interface. This single-point management provides comprehensive visibility and administration of users and devices on the network despite its connection. This management option makes the FortiSwitch ideal for SD-Branch deployments with applications that range from desktop to data center aggregation, allowing businesses to converge their security and network access.
FortiSwitch can use any network like Campus, Branch, Healthcare, and Manufacturing.
| Entry 100 Series | Mid-Range 200 Series | Premium 400 Series | Aggregation 500 Series |
|
Entry-level switch |
Mid-level switch |
Enterprise switch |
Aggregation switch |
|
8-48 GE ports PoE+ capable |
24-48 GE ports PoE+ capable |
24-48 GE ports PoE+ capable |
24-48 GE ports PoE+ capable |
|
Desktop to the wiring closet |
Typical wiring closet switch |
Larger wiring closet or high throughput requirements |
Larger wiring closet or high throughput requirements |
|
2-4 GE SFP uplink ports |
4 GE SFP uplink ports |
4x 10 GE SFP+ uplink ports |
4x 10 GE SFP+ and 2x 40 GE QSFP uplink ports |
|
4x 10GE SFP+ uplink ports |
|
It's important to compare firewalls like the ASA and FortiGate devices. Here at PivIT, we know the importance doesn't stop with the device itself. It stretches to what is available today, financing options, and more. We make it easy for you to find the hardware to build your network on your terms.
|
Feature |
Details |
|
Management and Configuration |
FortiSwitch FortiLink Mode (with FortiGate) |
|
Auto Discovery of Multiple Switches |
Yes |
|
Number of Managed Switches per FortiGate |
8 to 300 depending on FortiGate model |
|
FortiLink Stacking (Auto Inter-Switch Links) |
Yes |
|
Software Upgrade of Switches |
Yes |
|
Centralized VLAN Configuration |
Yes |
|
Switch POE Control |
Yes |
|
Link Aggregation Configuration |
Yes |
|
Spanning Tree |
Yes |
|
LLDP/MED |
Yes |
|
IGMP Snooping |
Yes |
|
L3 Routing and Services |
Yes (FortiGate) |
|
Policy-Based Routing |
Yes (FortiGate) |
|
Virtual Domain |
Yes (FortiGate) |
|
802.1x Authentication (Port-based, MAC-based, MAB) |
Yes |
|
Syslog Collection |
Yes |
|
DHCP Snooping |
Yes |
|
Device Detection |
Yes |
|
MAC Black/While Listing |
Yes (FortiGate) |
|
Policy Control of Users and Devices |
Yes (FortiGate) |
|
Block Intra-VLAN Traffic |
Yes |
|
Firewall |
Yes (FortiGate) |
|
IPC, AV, Application Control, Botnet |
Yes (FortiGate) |
|
Support FortiLink FortiGate in HA Cluster |
Yes |
|
LAG support for FortiLink Connection |
Yes |
|
Active-Active Split LAG from FortiGate to FortiSwitches for Advanced Redundancy |
Yes (with FS-2xx, 4xx, 5xx) |
Fortinet's Ethernet switches can manage standalone or integrate directly into the Fortinet Security Fabric via the FortiLink protocol. FortiLink is an innovative proprietary management protocol that allows the FortiGate Next-Generation Firewall to manage any FortiSwitch.
FortiLink enables the FortiSwitch to become a logical extension of the FortiGate, integrating it directly into the Fortinet Security Fabric. FortiLink integration enables centralized policy management, including role-based access and control, making it easy to implement and manage. This control and manageability make FortiSwitch ideal for SD-Branch deployments. Finally, FortiLink enables stacking of up to 300 switches per FortiGate, depending on the model.
The below table shows different types of management options to manage FortiSwitch.
|
Feature |
FortiSwitch 124F |
Cisco Catalyst 2960X-24TS-L |
FortiSwitch 124F-FPOE |
Cisco Catalyst 2960X-24PS-L |
| Hardware Specifications | ||||
|
Total Network Interfaces |
24x GE RJ45 and 4x 10GE SFP+ |
24x GE RJ45 and 4x 1GE SFP |
24x GE RJ45 and 4x 10GE SFP+ |
24x GE RJ45 and 4x 1GE SFP |
|
Form Factor |
1 RU Rack Mount |
1 RU Rack Mount |
1 RU Rack Mount |
1 RU Rack Mount |
|
Power over Ethernet (PoE) Ports |
- |
- |
24 (802.3af/at) |
24 (802.3af/at) |
|
PoE Power Budget |
- |
- |
370 W |
370 W |
|
System Specifications |
||||
|
Switching Capacity |
128 Gbps |
216 Gbps |
128 Gbps |
216 Gbps |
|
Packets Per Second |
190 Mpps |
71.4 Mpps |
190 Mpps |
71.4 Mpps |
|
MAC Address Storage |
32 K |
16 K |
32 K |
16 K |
|
Buffers Size |
2 MB |
4 MB |
2 MB |
4 MB |
|
DRAM |
512 MB |
512 MB |
512 MB DDR3 |
512 MB |
|
FLASH |
64 MB |
128 MB |
64 MB |
128 MB |
Fortiswitch 124F, is offering 4 x 10G SFP+ uplinks, which is a significant advantage to connect with a 10G distribution. Also, the forwarding rate is much higher compared to Cisco's 2960X. Though Cisco has more switching capacity and buffer size, it doesn't have any 10G uplink in the Catalyst 2960X-24TS-L or 2960X-24PS-L. Fortinet uses only one OS across the whole platform, whereas Cisco uses three OS and licensing models for the 2960X.
Cisco has announced the end of sale and end of life for the 2960X on 31 October 2021. However, despite this news, the 2960X is the perfect switch to make use of OneCall. To learn more about our maintenance offering click here.
If you don’t want to change your network to an infrastructure that is still supported by Cisco, we can provide the maintenance for you, even when an end of sale or end of life occurs. Reach out to us for assistance regarding OneCall.
However, if you want to upgrade, we encourage you read through our blog post comparing the Cisco Catalyst 2960-XR and 3850 switches.