© Copyright Fortinet Inc. All rights reserved.

Secure Access FortiSwitch Product Overview Secure Wireless and Access Technologies August 2016

2

Agenda

§ Driving Toward a Secure Access Layer § FortiSwitch Product Family § Management and Features § Use Cases § Roadmap

Driving Toward A Secure Access Layer

4

Combine Security and Access for a Seamless Unified Experience

Security (NGFW/UTM)

Access (Enterprise)

Need More Speed Migration to 802.11ac

Device Growth

Seamless Unified

Experience

Application Growth

Move to wireless Including IoT

Unified Network

Operations Secure Access Architecture

(Integrated Security)

•  The network edge provides the most challenging threat surface.

•  Requirements of the access layer have increased

•  In past 18 months FortiSwitch joined with a strategic acquisition of wireless technology to create Secure Access

5

Access Trends

Expectations Secure Unified Access Unified Policy and Enforcement Consistent User experience Simplified management that provides actionable information

Continuing proliferation of network enabled devices. How do you secure the internet of things?

6

Secure Access Product Portfolio

FortiPresence FortiAuthenticator

FortiManager FortiWLM

FortiClient FortiWiFi

Fortinet Controllers

FortiAP

FortiExtender

FortiSwitch (POE)

SECURE ACCESS PORTFOLIO

U

Development and Innovation Focused On End to End Secure Access Growing Natively Out of the Security Fabric

Network Secure LAN Access

Secure WLAN Access

Secure Cloud

Secure Devices

Sandboxing Policy

Email Security

Web Security

7

Strategic Expansion of a Secure Access Layer

§  Experiencing Exponential growth in Enterprise switching »  Over 100% growth yoy in switching sales. »  Current sales in last two quarters combined exceeds total sales for previous year

FortiSwitch development began over 4 years ago with a focus on creating a secure, scalable, high performance access layer.

2012 2013 2014 2015 2016 to date

FortiSwitch

FortiSwitch

8

Common Access Experience For Users Simplified Management Process for Administrators

• Consistent user experience • Consistent policies: for access, security, and applications. • Support for multiple devices in the enterprise o Wireless: Smartphones, tablets, mobile POS, IOT o Wired: Desktops, terminals, printers, phones, servers

• Network Management: Wired, wireless and security management possible through a single pane of glass

• Control: Switches, Access Points, Security Appliances • Performance: Speed, Low Latency, Fast Roaming

Wired

Wireless

VPN

Single Pane of Glass (Management)

Single point of Security Updates

Single Network Operating System

Single point of Authentication and SSO

The FortiSwitch Product Family

10

Introducing FortiSwitch

Broad portfolio of Stackable Secure Access Switches 1GbE, 10GbE and 40GbE capable Flexibility to grow as needed. Suitable for desktop, wiring closet, and top of rack

Simplified management and ease of deployment through the FortiGate.

Ideal for Converged “Integrated” deployments. Enable voice, data, and wireless traffic to be delivered across a single network. Provide power and policy enforcement.

11

FortiSwitch Access Switch Family Entry

100 Series List Price Range:

$495-$795

Entry Level Switch

8 to 24 gigabit Ethernet ports, POE Capable

Desktop to wiring closet.

100 Series offers 2 SFP gigabit Ethernet uplink ports

Mid Range 200 Series

List Price Range:

$1300-$2000

Mid level Switch

24 to 48 gigabit Ethernet ports POE+ Capable

Typical wiring closet switch

200 series offers 4 SFP gigabit Ethernet uplink ports

Premium 400 Series

List Price Range:

$1100-$4000

Enterprise Switch

24 to 48 gigabit Ethernet ports POE+ Capable

Larger wiring closet or high throughput requirements.

400 Series offers up to 4 SFP 10gigabit Ethernet uplinks

Aggregation 500 Series

List Price Range:

$3000-$4500

Aggregation Switch

24 to 48 gigabit Ethernet ports POE+ Capable

500 Series offers 4 X10 gigabit SFP and 2 X 40 gigabit SFP Ethernet uplinks

12

1000 Series List Price Range: $11,995 - $14,995

Data Center Aggregation Switch 24 and 48 10 Gigabit Ethernet SFP ports 1000 Series offers up to four 40 Gigabit Ethernet QSFP+ uplink ports Dual hot swappable power supplies

3000 Series List Price $17,995

Data Center Switch 3000 series offers 32 x 40 Gigabit Ethernet QSFP+ ports Dual hot swappable power supplies

FortiSwitch Top of Rack Switch Family

13

§ Copper and Optical Options § Supports SFP, SFP+, QSFP+,

DAC and CFP2 slots § Performance from 1 Gbps

to100 Gbps

FortiSwitch Transceivers

Management and Features

15

FortiSwitch Management Through Fortilink

Single Pane of Management for

Managed Switches

Switch Management •  Auto Discovery •  Utilizes FortiLink

protocol for secure management.

•  Visibility into port speed/status

•  Centrally manage segmentation.

•  Apply security policy. •  Authenticate clients

centrally via 802.1x or captive portal

16

Controlling FortiSwitch with FortiGate

1.  Configure FGT interface for Fortilink 2.  Connect FSWs

17

Single Pane of Glass Management Security Wireless Switching

18

FortiLink Stacking High Port Density with Ease of Management §  Single IP for Management through FortiGate

§  One FortiLink Stack Configuration will support up to 16 FortiSwitch »  Port Density From 8 to 768 ports with 16 FortiSwitches Stack »  Any combination of Gig or 10G Switches

FGT is single IP for management

STP is running in the FortiLink and Interswitch Links

Each FSW is a separate unit

Each inter-switch link is formed automatically

19

Ready to apply FortiGate Top Class Security

20

Device Detection – Per Port Device Visibility

Use Cases

22

Secure Access Switching Use-cases: Retail

• Easy of deployment in high scale

• POE+ connectivity • Easily adapt to new retail technology

Simplicity Visibility Compliance

23

Secure Access Switching Use-case: Branch

§ POE+ to power infrastructure, phones, and IOT devices

§ Device identification and user/device policy enforcement

§ Centralized network infrastructure and security management

Securely Enable Services Required for Branch Deployments

24

Secure Access Switching Use-case: Enterprise

§  Ease of deployment §  FortiLink high bandwidth

switch stacking provides flexibility to grow as needed.

§  Security Services including device identification and policy enforcement

Enterprise

Allows For Growth, Maintains Ease of Use and Security

10Gig

1Gig

10Gig

Roadmap

26

Software Roadmap

Q1/16 Q2/16 Q3/16 Q4/16

FSW 3.4.0

•  MAC/IP/Protocol Based VLAN Assignment

•  User based (802.1x) VLAN Assignment

•  Static L3 Routing (Hardware) on 100, 200 and 400 Series *

•  ACL redirect to mirror destination as trunk/LAG

•  MAC-IP Binding on 500 Series •  Virtual Wire •  Support for HTTP REST APIs for

Configuration and Monitoring

FSW 3.6.0

•  DHCP Snooping •  L3:DHCP Relay •  QoS: 802.1p Support •  LLDP-MED •  802.1x Enhancements (inc/ Mac Authentication

Bypass) •  SNMP enhancements •  IGMP-snooping

FSW 3.5.0

•  Dynamic ARP Inspection •  MLAG •  Dynamic L3 Protocols

FSW 3.4.2

•  Fortilink on more FortiGate Models

•  FortiLink Stacking •  Per-port Device Visibility •  Spanning Tree on

FortiSwitch ports •  Link Aggregation

FortiSwitch ports •  Storm Control Support •  FortiSwitch ‘log’export to

FortiGate •  Trusted/Untrusted Ports

support (for DHCP) •  Port Statistics Display

•  MLAG •  L3 discovery •  HA active-active (FOS 5.6.0) •  LLDP (FOS 5.4.2) •  Support RMA (FOS 5.4.2) •  IGMP snooping config (5.4.2) •  Redundant Uplinks (5.6.0) •  802.1x enhancements/MAB (5.6.0) •  Security Features (5.6.0)

Standalone FortiLink (needs FOS)

27

Additional Resources

§ Datasheet https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiSwitch_D_Series.pdf § Main Product Page https://www.fortinet.com/products-services/products/switches/secure-access-switches-fortiswitch.html § Product Matrix https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/Fortinet_Product_Matrix.pdf

FortiLink Supported Topologies For Reference

30

FortiLink-LAG (Link Aggregation)

FGT

FSW

•  A port can be member of multiple vlans (native-vlan + number of allowed-vlans)

Interface type = ‘aggregate’ With one or more members

31

FortiGate and Multiple Switches (Star)

FGT

FSW

Interface type = ‘physical’ or ‘aggregate’

•  A port can be member of multiple vlans (native-vlan + number of allowed-vlans)

ISL InterSwitchLink

32

FortiGate and Multiple Switches (Ring)

FGT

FSW-1

FSW-N

FSW-2

Devices on ‘FortiLink’ setup – A

P’s,

Servers, P

C, IP

-Phones, IP cam

eras (any IP device!)

• U

nified view of all FS

Ws

Active FortiLink

StandbyFortiLink

FSW connected in ‘Ring’ to provide redundancy

ISL InterSwitchLink

`

•  Interface type ‘physical’ or ‘aggregate’ •  Only ‘aggregate’ type can support “Standby

FortiLink” – Max 2 physical members

33

Fortigate and Multiple FSWs (on hw-switch/sw-switch interface)

FGT

FSWs

Interface type = ‘hw-switch’ or ‘sw-

switch’

•  A port can be member of multiple vlans (native-vlan + number of allowed-vlans)

•  Device outside of FortiLink can L2 communicate with FSW Ports

•  Device needs to support 802.1q tagging

34

FGT HA Pair and Multiple Switches (Ring)

HA Link FGT-1 FGT-2 (HA-Peer)

FSW-1

FSW-N

FSW-2

Devices on ‘FortiLink’ setup – A

P’s,

Servers, P

C, IP

-Phones, IP cam

eras (any IP device!)

• U

nified view of all FS

Ws

Active FortiLink

StandbyFortiLink

FSW connected in ‘Ring’ to provide redundancy

FGT

FortiLinks

ISL

FSW

Failover Protection @

With Ease of Management and

Features

ISL InterSwitchLink

35

Enterprise/Office Closet

36

FGT HA Pair and Multiple Switches (Star)

FGT-Master

FSW

Interface type = ‘physical’ or ‘aggregate’

•  A port can be member of multiple vlans (native-vlan + number of allowed-vlans)

ISL InterSwitchLink

FGT-Slave

Active FortiLink

StandbyFortiLink