I have around 30 systems in each floor connecting to the main floor L3 switch with a fiber up-link. I am contemplating to replace the L3 switch with a Fortinet firewall which supports fiber cables from each floor as up-links. Is there any issues with this design?

No, but if the L3 is working good now the , than the old saying of ; " don' t fix anything that' s not broken" . If your design consists of running links between all floors & terminated on a FGT. Than that' s telling me you are defining L3 boundaries on the firewall. This will require fwpolicies between all L3 subnets to each other subnet. This would also eliminate the spanning of L2 subnets across between floors. It would give you more control over your intra-net traffic and generate more fwpolicies. Is that something that you need or require?

Yes, that' s what I am looking for. So which firewall model supports fiber link from each floor to main floor? A total of 5 up-links are needed. I am just wondering can we assign IP address to a fiber interface? (each up-link will be used as a gateway to each floor)

You can start right here and review the models that supports SFPs. FWIW, your not going to find a low or med grade device that does this or nothing cheap. http://www.fortinet.com/products/fortigate/index.html#mid Once again, your adding more complexity into your setup and it' s not clear as to what/why you think you need to terminate the floors on a dedicate fiber ports on a L3 firewall device. And if you want to apply a 2nd unit of have any HA concerns, than you boxed yourself into a tight box if the fiber are connected directly to the fortigate. And yes you can apply a L3 ip_addressing on a fiber interface & in the same fashion as copper port. See the attach diagram of a smarter solution using the current but with a FGT in the mix. With is design, you can terminate each floor on a vlan unique and on the FGT i.e vlan 101 floor1 vlan 102 floor2 vlan 103 floor3 vlan 104 floor4 This would route all traffic between floors at the firewall. if you don' t need that level of policies, just terminate the l3 SVI on distribution switch and set the default gateway to the FGT. And if you install a stackabke model of switch like the 2960 EX2/4K, etc... you can scale up each floor as you need access-ports. If you later need more firewall , you just add them to the distribution switch. If you need more bandwidth, you enable 803.ad LACP bundles between firewalls. Keep It Simple & Straight aka KISS

Thank you very much for the detailed diagram. I believe this is an ideal design. I am at a customer site, each floor with just one switch up-linked to a L3 switch on the main floor. Now the customer is demanding firewall at each floor and retain the L3 switch on the main floor. So here I need to procure 5 firewalls (FGT 200B)for each floor. Can I achieve the same thing with your solution with the same cost or may be lower cost? Here all I need is two firewalls and a SFP switch. The plus point is redundancy.

I would look at a vdom concept, but seriously this is not required. You should be directing the customer as to the pro/cons for such deployments. If each floor is part of the same " org" than multiple firewalls could be way over kill imho If each floor need intra-traffic and security controls, than one firewall properly sized and fwpolicies between them would be ideal and you can provide fwpolicies for traffic internet bound for each floor ( this would my ideal solution, & without know more information about the customer ) If you go with a vdom solution for each floor, this can quickly exhaust the vdoms and depending on the model selected. i.e a FGT100D vrs a FGT1500D You can refer the fortinet matrix values for vdom limits per-chassis. https://www.fortinet.com/sites/default/files/productdatasheets/Fortinet_Product_Matrix.pdf I think your customer just needs firewall protection between the floors and depts within. So a interfaces on a trunked interface from the firewall into the main switch and span these vlans to the depts/floors switches as required. NOTE :The L3 main switch at this point would not be a L3 switch for the floors and you would carry the 802.1q from ; FGT-----> MAIN_SWITCH ------> FLOOR ACCESS SWITCH I hope that clears it up for you.