FortiSwitch and Security Fabric v2 - Public PDF
FortiSwitch and Security Fabric v2 - Public PDF
FortiSwitch and Security Fabric v2 - Public PDF
1
© Copyright Fortinet Inc. All rights reserved.
Introduction
2
Challenges at the Access Layer
4
Fortinet Security Fabric
A Security Architecture that provides:
Delivered as:
5
Secure Unified Access MANAGEMENT-ANALYTICS
FortiSwitch
Switching Infrastructure
FortiNAC
Network Access Control Appliance Virtual UNIFIED ACCESS
Machine
FortiAuthenticator, FortiToken
FortiConnect
Hosted
Identity and Identity Management
ADVANCED THREAT PROTECTION
6
FortiSwitch in Security Fabric
7
Fortinet Secure Unified Access
Secure
FortiSwitch Pervasive Security through Fortinet
Security Fabric Integration.
Simple
Multiple Simplified Management,
Deployment, and Network Architectures.
Scalable
Stackable up to 300 switches per
FortiGate.
8
FortiSwitch Deployment Options
API
Command >_
Line
9
New Cloud Management Options for FortiSwitch
FortiLink
Gui >_
API
Command >_
Line
10
FortiSwitch integration with FortiGate
FORTISWITCH BECOMES A LOGICAL EXTENSION OF FORTIGATE
First
» A special connection is used
(FORTILINK)
» Specific protocols (CAPWAP,
API, NTP, LLDP) and
information are exchanged
between FG and FSW
(heartbeats, config, monitor,
user data)
11
FortiSwitch integration with FortiGate
FORTISWITCH BECOMES A LOGICAL EXTENSION OF FORTIGATE
Then
» VLANs are defined
» VLANs are assigned to ports
» Other configurations for
switches are centralized in FG
(Like 802.1X, etc..) that can be
applied to ports
» Monitoring allows port status
inspection, PoE, VLANs
assigned, etc..
12
Integrated Security
It is our mission
13
FortiSwitch integration with FortiGate
FORTISWITCH BECOMES A LOGICAL EXTENSION OF FORTIGATE
Then
» Configured VLANs are
becoming FW interfaces in FG
» FG Security Polices can be
applied to protect traffic as
pleased
14
Workflow Automation Automation
15
Automated response to compromised devices
TAKING RESPONSE TIME OUT OF THE EQUATION
How it works
» A devices is detected as
compromised by one element of
the fabric
» Switches and APs can
automatically quarantine the
device at the access layer
16
Full Visibility and Security Control
17
Simplified Management
Because you need it…
18
Simplified Management
KEY POINTS
Stacking
» Offers single ip address management (FG’s Management IP Address)
» Stacking Links are created automatically (no need to configure them)
19
Stacking
FGT is single IP for management
MCLAG or
STP running
in the inter-
switch links
20
FortiSwitch in Fortinet Security Fabric
21
FortiSwitch Topology Example
22
FortiSwich Manager Module
FSW in FortiLink Mode
23
Scalability
Because it’s important
24
Scalability
KEY POINTS
Stacking
» You can have one big network
25
From simple to advanced deployment
Singe FG or HA
26
Large Enterprise Deployment
MCLAG – Link and Switch Redundancy
MCLAG
rack1 rack2 rack3
27
Product Lineup
From Campus to Data Center
28
FortiSwitch Gigabit Access Switch Family
29
FortiSwitch Aggregation Switch Family
30
FortiSwitch Rugged Switch Family
31
Use cases
2 out of many…
32
Use Case One
Easy to Scale
33
Use Case Two
Why Fortinet:
Adaptable
Architecture able to securely and quickly scale.
Ease of Management FortiGate
Secure SDWAN
Manage Security, Access, and WAN in one interface.
34
WHY Fortinet
And this is your decision
35
Why Our Customers Choose Fortinet Ethernet