veechee
New Member
May 28, 2016
Question

Full stack Fortinet network (FGT, FSW, FAP) - anyone tried it out or implemented?

  • May 28, 2016
  • 1 reply
  • 12601 views

I am presently scoping a network refresh at an HQ. Needs aren't too crazy as most servers have been moved to the cloud, and will max out around 200 users. My primary plan was to use FortiGates in HA, perhaps a FortiSwitch at the edge using FortiLink, and then Cisco Meraki stacked switches at the core (most of the office terminates to it), as well as lower-end Cisco Meraki for access switches. There will be 5-7 switches total. Cisco Meraki APs are already in use which I was planning to keep, but more will be needed with the refresh. All switching will be PoE.

However, looking further into FortiLink, and after talking with Fortinet presales recently, I am intrigued by doing a full stack in Fortinet, with FortiLink used to manage border/edge, core and access, and manage APs. FortiManager and FortiAnalyzer would be used in this setup then, to match Cisco Meraki functionality and visibility as we scale it out across locations.

Has anyone tried this kind of 'full stack' Fortinet out yet?  Any implementations done?  Fortinet was confident they could come in considerably cheaper - which is always good - and I would have only 'one pane of glass' then to see the entire network.  So as I said, it's intriguing, but I absolutely need the solution to be rock solid when it goes in, and I need it to be able to be done again and again over the next few years at additional locations worldwide.

    James_Ndefo
    New Member
    August 11, 2016

    Hello Veechee,

    Did you eventually go with the FortiSwitches? I'm curious as to whether you implemented across multiple VDOMs on the FortiGate.

    CyberNorris
    New Member
    August 19, 2016

    I have a couple of clients running FortiAPs and FortiSwitches ... and have them set up in my home lab. AP management from the FortiGate is awesome. FortiSwitch management with 5.4.1 is now quite good... was a *itch in 5.2. Many of the switches now require 5.4 to be managed.

    What I haven't been able to find in the FortiGate management of a FortiSwitch yet is the ARP table from the switch... but I haven't looked all that hard.

    I do not have multiple VDOMs set up on any FortiGate with FortiSwitch attached.

    CyberNorris
    New Member
    September 16, 2016

    Dittos on the *itch bit in 5.2.x. In 5.4.1 it's pretty awesome. I've had a FSW-108D-POE at home off of a 60D-POE for nearly a year.

    Read the document titled Manage FSW from FGT 54 ... and pay attention to the stacking section. With 5.4.1 only one switch is connected to the FortiGate on the port dedicated to FortiLink. The stacking section of that doc explains how to build a LAG on the FortiGate and enable stacking so that you can have the other end of your stack connected for failover in the event of a failure of the active one.

    Issues:

      • FortiLink is not enabled on all ports of some switches by default ... the 48 port switches had FortiLink enabled from the factory only on the fiber ports.
      • LAG has to be built in CLI, no LAG between multiple switches (though I'm told that is coming).
      • No LAG on FortiLink ports (want more than a 1GB link, get switches with faster ports) ... hopefully this change will be coming.
      • I've got one in a 2-switch stack right now that's showing as offline, though it's still switching fine as a server and most of the desktops in this office are still talking fine. Support is looking into it so we're letting it float as is right now.

    I've contemplated keeping the management ports connected as a back door from the FortiGate, though managing them away from the FortiGate could potentially create some issues... gotta discuss that with some engineers at some point.

    Overall I'm liking the FortiSwitch and FortiAP management from the FortiGate. One last note... when upgrading FortiOS, be sure to read the release notes. On the home network I failed to upgrade the switch and AP before the Gate from 5.4 to 5.4.1... and it created some craziness that was resolved once the managed devices were upgraded. Lesson learned... upgrade switch and AP before Gate!