Advantages/Disadvantages of deploying Fortilink as hardware switch vs aggregate?
I'm working in an environment where some sites have Fortilink set as an aggregate, and some as a hardware switch. Are there any benefits to standardizing on one design over the other, aside from consistency across the org?
Hello @LBC_Solutions_Arch The main difference between Fortilink as a hardware switch and as an aggregate is how traffic is forwarded.
In a hardware switch, traffic is forwarded directly between the ports on the FortiGate, without involving the CPU. This can provide better performance, especially for high-bandwidth traffic. However, a hardware switch can only be used with FortiGates that have integrated switches.
In an aggregate, traffic is forwarded between the ports on the FortiGate by the CPU. This can provide less performance than a hardware switch, but it can be used with any FortiGate.
Also, A hardware switch can only have a limited number of ports, while an aggregate can have as many ports as you need.
sorry to correct you Shaleni, information you provided is quite old and is not longer correct. Fortigate "hardware switch" is not a complete hardware switch, there still is some FGT process involved in it. So as per latest best practices from FOS 6.4.5 and onwards is not longer recomended.
Deploying FortiLink as a hardware switch or an aggregate can have its own advantages and disadvantages. Let's explore both options:
Advantages of using FortiLink as a hardware switch:
Simplicity: Using FortiLink as a hardware switch can simplify your network design by eliminating the need for an additional switch device. It can streamline management and reduce the complexity of your network architecture. Cost-Efficiency: Hardware switches can be cost-effective compared to aggregates since you don't need an extra physical switch. This might be advantageous for budget-conscious organizations. Reduced Latency: Direct connectivity through a hardware switch might offer lower latency compared to going through an aggregate, potentially enhancing network performance for time-sensitive applications. Disadvantages:
Limited Scalability: FortiLink hardware switches might have limitations in terms of scalability compared to aggregates. If your network grows significantly, hardware switches might become a bottleneck. Limited Redundancy: Hardware switches might not provide the same level of redundancy as aggregates, which can offer redundant paths and enhanced reliability. Advantages of using FortiLink as an aggregate:
Scalability: FortiLink aggregates can be more scalable, allowing you to connect more FortiGate units to the same aggregate, which can be beneficial for larger networks. Redundancy: Aggregates offer redundancy by providing multiple paths, reducing the risk of network downtime due to a single point of failure. Traffic Segmentation: Aggregates can help segment traffic more effectively, enhancing security and network organization. Disadvantages:
Complexity: Aggregates introduce an additional layer of complexity to your network, which might require more configuration and management efforts. Cost: Setting up aggregates might involve purchasing additional hardware, which could impact your budget. Ultimately, the decision between using FortiLink as a hardware switch or an aggregate depends on your specific network requirements, scalability needs, redundancy goals, and budget considerations. Standardizing on one design could indeed simplify management and maintenance across the organization, but carefully evaluating the advantages and disadvantages of each approach in the context of your network's unique needs is crucial.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.