Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Advantages/Disadvantages of deploying Fortilin...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Advantages/Disadvantages of deploying Fortilink as hardware switch vs aggregate?
I'm working in an environment where some sites have Fortilink set as an aggregate, and some as a hardware switch. Are there any benefits to standardizing on one design over the other, aside from consistency across the org?
Labels:
- Labels:
-
FortiGate
-
FortiSwitch
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Standardizing on one network design, whether using FortiLink as an aggregate or hardware switch, offers several benefits:
- Simplicity: Easier management and troubleshooting.
- Efficiency: Streamlined support, training, and upgrades.
- Integration: Improved compatibility with other tools.
- Performance: Better optimization and reliability.
- Vendor Support: Enhanced assistance and documentation.
- Security: Consistent policies across the network.
- Predictability: Baseline metrics for monitoring.
- Change Management: Simplified updates with fewer disruptions.
- Cost Savings: Reduced training, support, and hardware expenses.
Siddhanth Poojary
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @LBC_Solutions_Arch
The main difference between Fortilink as a hardware switch and as an aggregate is how traffic is forwarded.
In a hardware switch, traffic is forwarded directly between the ports on the FortiGate, without involving the CPU. This can provide better performance, especially for high-bandwidth traffic. However, a hardware switch can only be used with FortiGates that have integrated switches.
In an aggregate, traffic is forwarded between the ports on the FortiGate by the CPU. This can provide less performance than a hardware switch, but it can be used with any FortiGate.
Also, A hardware switch can only have a limited number of ports, while an aggregate can have as many ports as you need.
Thanks,
Shaleni
Created on 08-16-2023 03:58 PM Edited on 08-16-2023 04:08 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sorry to correct you Shaleni, information you provided is quite old and is not longer correct. Fortigate "hardware switch" is not a complete hardware switch, there still is some FGT process involved in it. So as per latest best practices from FOS 6.4.5 and onwards is not longer recomended.
for small deployments and/or light traffic like small branch office, can be used as alternative for high avaliability to use with entry level FGT/FSW models
Adolfo Z.H
E-TAC Secure Acess Team LATAM
Secure Access Team LATAM TAC
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here's my take:
FortiLink Aggregate Mode (split interface, LACP = static):
Pros:
- automatically loop-tolerant (MSTP)
- link-level redundancy at FortiGate
Cons:
- only one FortiLink Aggregate port is active at a time (in split-interface mode), and all traffic cascades through single chain through a single port (potential performance bottleneck if not 10Gbe).
- mid-chain switch or link failures potentially breaks the chain affecting one or more switches.
FortiLink Hardware Switch Mode:
Pros:
- simple hub and spoke topology.
- all FortiLink hardware switch ports can be active at the same time, with traffic potentially only 1 "hop" away from FortiGate on their own uplink (no chain topology bottleneck).
- single switch/link failure should only affect that one switch
Cons:
- no link-level redundancy per switch.
- no virtual stacking.
- not automatically loop-tolerant (you have to fiddle with STP separately).
FortiLink MCLAG (active/active) on the other hand is the best of both worlds, if you can afford it.
Russ
NSE7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi TecnetRuss, thanks for your collaboration, to complete your idea, LACP static also is not longer recomended, due all the reasons you mentioned on your comment, but per lastest best practices and
with MCLAG-ICL capable FSW units, we can use LACP active and use all agregated ports on LACP link between FGT and a pair of MCLAG-ICL peer group.
Please check on following links how to achieve it, and also take a look for all supported MCLAG topologies.
hope it helps and found it interesting for your deployments.
those are avaliable since 6.4.5! enjoy!
Secure Access Team LATAM TAC
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Deploying FortiLink as a hardware switch or an aggregate can have its own advantages and disadvantages. Let's explore both options:
Advantages of using FortiLink as a hardware switch:
Simplicity: Using FortiLink as a hardware switch can simplify your network design by eliminating the need for an additional switch device. It can streamline management and reduce the complexity of your network architecture.
Cost-Efficiency: Hardware switches can be cost-effective compared to aggregates since you don't need an extra physical switch. This might be advantageous for budget-conscious organizations.
Reduced Latency: Direct connectivity through a hardware switch might offer lower latency compared to going through an aggregate, potentially enhancing network performance for time-sensitive applications.
Disadvantages:
Limited Scalability: FortiLink hardware switches might have limitations in terms of scalability compared to aggregates. If your network grows significantly, hardware switches might become a bottleneck.
Limited Redundancy: Hardware switches might not provide the same level of redundancy as aggregates, which can offer redundant paths and enhanced reliability.
Advantages of using FortiLink as an aggregate:
Scalability: FortiLink aggregates can be more scalable, allowing you to connect more FortiGate units to the same aggregate, which can be beneficial for larger networks.
Redundancy: Aggregates offer redundancy by providing multiple paths, reducing the risk of network downtime due to a single point of failure.
Traffic Segmentation: Aggregates can help segment traffic more effectively, enhancing security and network organization.
Disadvantages:
Complexity: Aggregates introduce an additional layer of complexity to your network, which might require more configuration and management efforts.
Cost: Setting up aggregates might involve purchasing additional hardware, which could impact your budget.
Ultimately, the decision between using FortiLink as a hardware switch or an aggregate depends on your specific network requirements, scalability needs, redundancy goals, and budget considerations. Standardizing on one design could indeed simplify management and maintenance across the organization, but carefully evaluating the advantages and disadvantages of each approach in the context of your network's unique needs is crucial.
Best regards,
Qasim
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
Labels
-
FortiGate
8,473 -
FortiClient
1,718 -
5.2
801 -
FortiManager
712 -
5.4
639 -
FortiAnalyzer
547 -
FortiAP
458 -
FortiSwitch
457 -
6.0
416 -
FortiClient EMS
408 -
5.6
362 -
FortiMail
308 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
222 -
FortiWeb
200 -
5.0
196 -
IPsec
186 -
FortiNAC
177 -
FortiGuard
136 -
6.4
128 -
SD-WAN
110 -
FortiGateCloud
100 -
FortiSIEM
98 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
84 -
Customer Service
78 -
Wireless Controller
75 -
Firewall policy
71 -
4.0MR3
64 -
FortiProxy
59 -
Fortivoice
53 -
FortiADC
53 -
High Availability
52 -
FortiEDR
50 -
vlan
47 -
ZTNA
46 -
FortiExtender
45 -
FortiSandbox
44 -
FortiDNS
42 -
DNS
40 -
Routing
39 -
BGP
38 -
LDAP
38 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
33 -
Authentication
31 -
SSO
31 -
Interface
31 -
NAT
30 -
RADIUS
29 -
FortiConnect
27 -
FortiLink
26 -
FortiWAN
25 -
FortiConverter
25 -
VDOM
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
Web profile
24 -
FortiPAM
22 -
Virtual IP
22 -
Fortigate Cloud
20 -
FortiPortal
19 -
SSL SSH inspection
19 -
FortiSwitch v6.2
18 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
SSID
13 -
Static route
13 -
FortiSOAR
12 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Intrusion prevention
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
Traffic shaping profile
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
Fortinet Engage Partner Program
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1661 | |
| 1077 | |
| 752 | |
| 443 | |
| 220 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.