As part of the reorganization of the network of my company, I intend to apply the fortilink architecture, so I want to know if the fortigate 200e can also play the role of the backbone switch of access switches of fotinet (424d and switches 448d)
Fortigate 200e – Using as a Backbone Switch
fortigatefortinet
Related Topic
- Vpn – Fortigate “remembers” bad routes
- Preventing Loops – Trunking Fortigate and Cisco L2 Switches
- Connecting to fortigate 5.4 with vpnc (ipsec)
- Fortigate 50e – Setting Up Conditional Forwarding
- Cisco SG300 and Fortigate 90D integration
- Fortigate Firewall – Unable to Ping Google-AWS Fortigate Firewall – SOLVED
- Routing – Fortigate and ipv6 routing
Best Answer
The cited switches do not only have a throughput of 88 Gbps (424D) and 176 Gbps (448D) but also feature 2/4 10GE ports for uplinks.
In comparison, the maximum throughput of a FGT-200E is rated at 20 Gbps, 9 Gbps for small packets (64b). In order to use a Fortigate as a backbone switch it would need to have 10GE ports; aggregating ports in a LACP trunk will be not as efficient and will exhaust the available ports (14 on a FGT-200E).
The main reason I advise against this deployment pattern is that the main advantage of having a UTM firewall, namely protection via AV, IPS, Application Control etc., will have to be sacrificed for speed.
The FGT is meant to manage the Fortiswitches in your LAN; as such it's very convenient (e.g., VLAN handling), powerful and you can even extend the security perimeter to your access ports.
Just keep in mind that the whole infrastructure will be as powerful as the weakest part, and that would be the FGT if used as a backbone switch. If you use a Fortiswitch for backbone and manage and monitor all switches from the built-in FGT switch controller, all is fine.