Fortinet FortiSwitch 248D
Secure Access Switches
Click here to jump to more pricing!
Overview:
FortiSwitch Secure Access switches deliver outstanding security, performance and manageability for threat conscious small to mid-sized businesses, distributed enterprises and branch offices. Tightly integrated into the FortiGate® Network Security Platform, the FortiSwitch Secure Access switches can be managed directly from the familiar FortiGate interface. This single pane of glass management provides complete visibility and control of all users and devices on the network, regardless of how they connect.
When a device connects to a Secure Access Switch Ethernet port, it is first identified, and then the user is authenticated. Once authenticated, access to the network is granted based on pre-defined security policy from the FortiGate, ensuring secure network access across the enterprise, without impacting the user experience.
Secure Managed Switches for Wire Closet Installation
The FortiSwitch D-Series switches are ideal for the next generation applications, where increased productivity can be achieved through faster network access speeds via dedicated Gigabit Ethernet ports. With a compact 1RU form factor, these switches are ideally suited for high density enterprise or classroom wire closet installations, delivering a truly secure network access platform for wired Ethernet devices.Simple Network Deployment and Compliance
The Power over Ethernet (PoE) capability enables simple installation of wireless Access Points and IP phones in the network, with power and data being delivered over the same network cable. There is no need to contract electricians to install power for your PoE capable devices anymore, reducing your overall network TCO.
By leveraging the FortiSwitch VLAN segmentation feature of the switches, enterprise networks can support the convergence of voice, data and wireless traffic onto a single network platform. FortiSwitch network segmentation can even be managed from the FortiGate interface, simplifying the process of meeting compliance requirements for data separation.
Highlights
- Secure Access switches suitable for wire closet and desktop installations.
- Devices are identified and users authenticated prior to being granted access to the network.
- Centralized security management and reporting from FortiGate interface.
- Up to 48 ports in a compact 1 RU form factor.
- Power over Ethernet capable, including PoE+.
- Ideal for converged network environments; enabling voice, data and wireless traffic to be delivered across a single network.
Key Features & Benefits | |
---|---|
Single Management Framework | Reduces complexity and decreases management cost with network security functions managed through a single console. |
Single Policy Provisioning | The same security policy can apply to a user or device regardless of how or where they connect to the network.Enables access to certain network ports based on the role of a user within the organization, such as in shared conference rooms or engineering facilities. |
Centralized Authentication | All users are authenticated against the same user database, regardless of whether they connect to the wired or wireless network, including temporary guest users. |
Role-Based Ports | Enables access to certain network ports based on the role of a user within the organization, such as in shared conference rooms or engineering facilities.. |
Capabilities: Fortilink Mode Vs. Standalone Mode:
FORTISWITCH D-SERIES | ||
---|---|---|
STANDALONE SWITCH | FORTILINK MODE (FORTIGATE) | |
Security | ||
802.1x Port Authentication | Yes | Yes |
MAC Address-Based Authentication | No | Yes |
MAC Black/White Listing | No | Yes |
Layer 3,4 Stateful Firewall to Control Access | No | Yes |
TACACS+/RADIUS Admin Access | Yes | Yes |
DHCP Relay/DHCP Snooping | No | Yes |
Virtual Domain | No | Yes |
Routing | ||
Layer 3, Dynamic Routing | No | Yes |
Inter-VLAN Routing | Yes* | Yes |
Policy-Based Routing | No | Yes |
DNS Server | No | Yes |
VLANs Supported | 4K | 1K |
Management | ||
Auto Discovery of Multiple Switches | 1 | 16 (model dependent) |
Software Upgrade of Switches | 1 switch | Central upgrade of each switch |
VLAN Configuration | 1 switch | Central VLAN provisioning of entire switch network |
Policy Control of Users and Devices | No | Yes |
Syslog Collection | Yes | Yes (FortiGate syslog only) |
Switch POE Control | Yes | Yes** |
LAG support from FortiSwitch to FortiGate | Yes | Yes** |
High Availability | ||
Support for FortiGate in HA cluster | Yes | Yes** |
UTM Features | ||
Firewall | No | Yes |
IPS, AV, Application Control | No | Yes |
* supported in 124D, 124D-POE, 200 (except 224D-POE), 400 and 500 series.
** enabled with FOS 5.4 release
FortiSwitch Deployment Example:
FortiLink Mode
The FortiSwitch Secure Access Switch series integrates directly into the FortiGate* Connected UTM, with switch administration and access port security managed from the familiar FortiGate interface. Regardless of how users and devices connect to the network, you have complete visibility and control over your network security and access through this single pane of glass, perfectly suited to threatconscious organizations of any size.* Selected models only
Standalone Mode
Virtualization and cloud computing have created dense high-bandwidth Ethernet networking requirements in the data center, pushing the limits of existing data center switching. FortiSwitch Data Center switches meet these challenges by providing a high performance 10 or 40 GE capable switching platform, with a low Total Cost of Ownership. Ideal for Top of Rack server or firewall aggregation applications, as well as enterprise network core or distribution deployments, these switches are purpose-built to meet the needs of today’s bandwidth intensive environments.Software Features (standalone Mode):
FORTISWITCH D-SERIES | |
---|---|
Layer 2 | |
Jumbo Frames | Yes |
Auto-negotiation for port speed and duplex | Yes |
IEEE 802.1D MAC Bridging/STP (will interoperate) | Yes |
IEEE 802.1w Rapid Spanning Tree Protocol (RSTP, will interoperate) | Yes |
IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) | Yes |
IEEE 802.1p Mapping to Priority Queue | Not supported |
Edge Port / Port Fast | Yes |
IEEE 802.1Q VLAN Tagging | Yes |
Private VLAN | Not supported on FS-108D-POE, FS-224D-POE |
IEEE 802.3ad Link Aggregation with LACP | Yes |
Unicast/Multicast traffic balance over trunking port (dst-ip, dst-mac, src-dst-ip, src-dst-mac, src-ip, src-mac) | Yes |
IEEE 802.1AX Link Aggregation | Yes |
Spanning Tree Instances (MSTP/CST) | 15/1 |
IEEE 802.3x Flow Control and back-pressure | Yes |
IEEE 802.3 10Base-T | Yes |
IEEE 802.3u 100Base-TX | Yes |
IEEE 802.3z 1000Base-SX/LX | Yes |
IEEE 802.3ab 1000Base-T | Yes |
802.3ae 10 Gigabit Ethernet | in FS-5xx, 4xx family |
802.3 CSMA/CD Access Method and Physical Layer Specifications | Yes |
IEEE 802.3af-2003/2009 POE | Not supported on FS-124D |
Storm Control | Yes (except FS-108D-POE, FS-224D-POE) |
Layer 3 | |
Static Routing (Software-based only) | Up to 64 static routes, usable for software routing (like management traffic) |
Static Routing (Hardware-based) | 64 static routes (16K on FS-5xx family)* |
L3 Host/ARP Entries | 4K on FS-1xx, 2xx, 4xx family* 24K on FS-5xx family |
Services | |
IGMP Snooping (v1/v2/v3) | 1023 groups on FS-1xx, 2xx, 4xx, 5xx. Not supported on FS-108D-POE, FS-224D-POE |
Security | |
Port Mirroring | Yes |
Admin Authentication Via RFC 2865 RADIUS | Yes |
802.1x authentication with port-based assignment | Yes |
sFlow | Yes, All models except FS-108D-POE, FS-224D-POE |
ACL Tables | 1K entries on FS-5xx family 512 on FS-1xx, 2xx, 4xx, 5xx families Not supported on FS-108D-POE, FS-224D-POE |
Management | |
Telnet / SSH | Yes |
HTTP / HTTPS | Yes |
SNMP v1/v2c/v3 | Yes |
SNTP | Yes |
LLDP (802.1ab, Link Layer Discovery Protocol) (receive and transmit) | Yes |
Standard CLI and web GUI interface | Yes |
Software download/upload: TFTP/FTP/GUI | Yes |
Managed from FortiGate | Yes |
RFC and MIB Support** | |
RFC 2571 Architecture for Describing SNMP Framework | Yes |
DHCP Client | Yes |
RFC 854 Telnet Server | Yes |
RFC 2865 RADIUS | Yes |
RFC 1643 Ethernet-like Interface MIB | Yes |
RFC 1213 MIB-II | Yes |
RFC 1354 IP Forwarding Table MIB | Yes |
RFC 2572 SNMP Message Processing and Dispatching | Yes |
RFC 1573 SNMP MIB II | Yes |
RFC 1157 SNMPv1/v2c | Yes |
RFC 2030 SNTP | Yes |
* Check Release notes/Admin guide for Static Routing release details.
** MIBs have been tested with Solarwinds NPM tool.
Specifications:
FORTISWITCH 248D | |
---|---|
Hardware Specifications | |
Total Network Interfaces | 48x GE RJ45 ports and 4x GE SFP ports |
Dedicated Management 10/100 Port | 1 |
RJ-45 Serial Console Port | 1 |
Form Factor | 1 RU Rack Mount |
Power over Ethernet (PoE) Ports | — |
PoE Power Budget | N/A |
Mean Time Between Failures | > 10 years |
System Specifications | |
Switch Type | Web and CLI Managed |
Switching Capacity | 104 Gbps |
Packets Per Second | 155 Mpps |
MAC Address Storage | 16K |
Network Latency | < 1µs |
VLANs Supported | 4K |
Link Aggregation Group Size | 8 |
Total Link Aggregation Groups | 26 |
Packet Buffers | 1.5 MB |
DRAM | 512 MB |
FLASH | 128 MB |
Dimensions | |
Height x Width x Length (inches) | 1.73 x 9.68 x 17.3 |
Height x Width x Length (mm) | 44 x 246 x 440 |
Weight | 7.81 lbs (3.54 kg) |
Environment | |
Power Required | 100–240V AC, 50–60 Hz |
Power Supply | AC built in |
Redundant Power | — |
Power Consumption (Average / Maximum) | 38.66 W / 39.19 W |
Heat Dissipation | 134 BTU/h |
Operating Temperature | 32–122°F (0–50°C) |
Storage Temperature | -4–158°F (-20–70°C) |
Humidity | 10–90% non-condensing |
Certification and Compliance | |
FCC, CE, RCM, VCCI, BSMI, UL, CB, RoHS2 | |
Warranty | |
Fortinet Warranty | Limited lifetime* warranty on all models |
Documentation:
Download the Fortinet FortiSwitch D-Series Datasheet (PDF).
Pricing Notes:
- All prices displayed are Ex-VAT. 20% VAT is added during the checkout process.
- 24x7 FortiCare Contract
24x7 Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades - Prices are for one year of Premium RMA support. Usual discounts can be applied.
- Annual contracts only. No multi-year SKUs are available for these services.
- Contact Fortinet Renewals team for upgrade quotations for existing FortiCare contracts.
- Pricing and product availability subject to change without notice.