FortiSwitch -148F Secure Access

The FortiSwitch™ Access Family is tailored to meet the unique demands of enterprise branch offices and small businesses. An unparalleled combination of security, ease of use, and scalability makes FortiSwitch™ the ideal choice for Ethernet infrastructure.

Category : Fortinet switch

Brand : Fortinet

Model : FS-148F

Enquiry Us Contact Now

Description

Secure Networking Through Forti Link

Forti Link is an innovative proprietary management protocol that enables seamless integration and management between a FortiGate Next-Generation Firewall and the Forti Switch Ethernet switching platform. By using Forti Link, the Forti Switch becomes a logical extension of the FortiGate, allowing for centralized management of both network security and access layer functions through a single interface.

Easy-to-use Network Access Control (NAC) at No Cost

Forti Link integration enables basic NAC functionality to profile and securely onboard devices as they connect. Forti Link NAC offers visibility into all connected devices, automated segmentation and security policies for IoT devices, quarantine if compromised, and virtual patching to help protect against threats.

Built-in Ethernet Port Security

Traditional Ethernet port security demands manual effort and continuous maintenance, which is impractical for IT administrators of remote branches or small business. Consequently, Ethernet ports are frequently left unprotected. Forti Switch access switching offers IT administrators the ability secure ports ensuring only approved users and devices get access to the network. The automation of port security without requiring 802.1x makes making policy enforcement easy to implement and manage while NGFW-level policies ensure granular control and zero-trust access for users and devices.

User- and Device-Based Access Control and Policy Enforcement

Whether leveraging Fortinet Identity Access Management (IAM) or third-party identity providers, Forti Link automation can leverage user identity to make granular role-based policy decisions, allowing you to implement zero-trust principles.

Secure Access Service Edge (SASE)

This Forti Switch enterprise architecture offers a built-in foundation for zero-trust network access (ZTNA) and secure access service edge (SASE), offering the flexibility to easily deploy the type and level of security you need at the edge of your network.

Operational Simplicity

Deploying, managing, and perfecting an Ethernet switching infrastructure can be challenging and time-consuming, particularly when done remotely or with limited staff. Forti Switch switching architecture can be securely deployed and managed in minutes through zero-touch deployment. Whether Forti Switch is deployed in standalone mode or Forti Link mode, its easy-to-use intuitive workflows and unified views let you provision, manage, and optimize your small business or remote branches at scale. Whether cloud or on-premises, centralized management delivers a unified view of the LAN, security, and in the case of SD-Branch: SD-WAN and 5G wireless gateways. This feature provides a consistent user experience for optimal operational efficiency, simplifying management, optimization, and troubleshooting. The result is a shorter mean time to repair both network and security issues.

Scalable and Flexible for Branches or Small Business

Forti Switch access architecture scales to meet the need of today’s small business and remote branches without sacrificing security. Supporting up to 48 ports in a compact 1 RU form factor, Forti Switch can deliver the performance and scale you require.

Eliminate Bottlenecks

With wire speed 1GE access ports and dedicated uplinks capable of speeds up 10GE, the Forti Switch Access Series provides the performance and speed needed for next generation SD-Branch applications.

Next-Generation Power Over Ethernet Support

With PoE+ support in all models, Forti Switch delivers and manages power for devices such as cameras, sensors, and wireless access points.

Features

Management and Configuration

Auto Discovery of Multiple Switches
Automated detection and recommendations
Centralized VLAN Configuration
Dynamic Port Profiles for FortiSwitch ports
FortiLink Secure Fabric
FortiLink Stacking (Auto Inter-Switch Links)
FortiSwitch Management over VXLAN
Health Monitoring
IGMP Snooping
L3 Routing and Services (FortiGate)
Link Aggregation Configuration
LLDP/MED
Managed Switches 8 to 300 depending on FortiGate model
Policy-Based Routing (FortiGate)
Provision firmware upon authorization
Software Upgrade of Switches
Spanning Tree
Switch POE Control
Virtual Domain (FortiGate)

High Availability

Active-Active Split LAG from FortiGate to FortiSwitches for Advanced Redundancy
LAG support for FortiLink Connection
Support FortiLink FortiGate in HA Cluster

Security and Visibility

Authentication 802.1X (Port-based, MAC-based, MAB)
Block Intra-VLAN Traffic
Clients Monitoring
Device Detection
DHCP Snooping
DHCP/ARP Monitor
FortiGuard IoT identification
FortiSwitch recommendations in Security Rating
Host Quarantine on Switch Port
Integrated FortiGate Network Access Control (NAC) function
MAC Black/While Listing (FortiGate)
NAC Device Telemetry
Network Device Detection
Policy Control of Users and Devices (FortiGate)
Port Statistics
Security Fabric Automation
Switch Controller traffic collector
Syslog Collection

UTM Features

Firewall (FortiGate)
IPC, AV, Application Control, Botnet (FortiGate)

Layer 2

Auto-negotiation for Port Speed and Duplex
Auto topology
Dynamically shared packet buffers
Edge Port / Port Fast
IEEE 802.1ad QinQ
IEEE 802.1AX Link Aggregation
IEEE 802.1D MAC Bridging/STP
IEEE 802.1Q VLAN Tagging
IEEE 802.1s Multiple Spanning Tree Protocol (MSTP)
IEEE 802.1w Rapid Spanning Tree Protocol (RSTP)
IEEE 802.3 10Base-T
IEEE 802.3ab 1000Base-T
IEEE 802.3ad Link Aggregation with LACP
IEEE 802.3ae 10 Gigabit Ethernet
IEEE 802.3az Energy Efficient Ethernet
IEEE 802.3ba, 802.3bj, and 802.3bm 40 and 100 Gigabit Ethernet
IEEE 802.3bz Multi Gigabit Ethernet
IEEE 802.3 CSMA/CD Access Method and Physical Layer Specifications
IEEE 802.3u 100Base-TX
IEEE 802.3x Flow Control and Back-pressure
IEEE 802.3z 1000Base-SX/LX
Ingress Pause Metering
Jumbo Frames
LAG min/max bundle
Loop Guard
MAC, IP, Ethertype-based VLANs
MDI/MDIX Auto-crossover
Per-port storm control
Priority-based Flow Control (802.1Qbb)
Private VLAN
Rapid PVST interoperation
Spanning Tree Instances (MSTP/CST)
Storm Control
STP BPDU Guard
STP Root Guard
Time-Domain Reflectcometry (TDR) Support
Unicast/Multicast traffic balance over trunking port
(dst-ip, dst-mac, src-dst-ip, src-dst-mac, src-ip, src-mac)
Virtual-Wire
VLAN Mapping

Services

IGMP proxy / querier
IGMP Snooping
MLD proxy / querier
MLD Snooping

Layer 3

Bidirectional Forwarding Detection (BFD)
DHCP Relay
DHCP server
Dynamic Routing Protocols: OSPFv2, RIPv2, VRRP, ISIS *
Filtering routemaps based on routing protocol
IP conflict detection and notification
IPv6 route filtering
Static Routing (Hardware-based)
Unicast Reverse Path Forwarding - uRPF

Security and Visibility

ACL
ACL Multiple Ingress
ACL Multistage
ACL Schedule
Admin Authentication Via RFC 2865 RADIUS
Assign VLANs via Radius attributes (RFC 4675)
DHCP-Snooping
Dynamic ARP Inspection
Flow Export (NetFlow and IPFIX)
IEEE 802.1ab Link Layer Discovery Protocol (LLDP)
IEEE 802.1ab LLDP-MED
IEEE 802.1ae MAC Security (MAC Sec)
IEEE 802.1X Authentication MAC-based
IEEE 802.1X Authentication Port-based
IEEE 802.1X Dynamic VLAN Assignment
IEEE 802.1X EAP pass-through
IEEE 802.1X Guest and Fallback VLAN
IEEE 802.1X MAC Access Bypass (MAB)
IEEE 802.1X open auth
IP source guard
IPv6 RA Guard
LLDP-MED ELIN support
MAC-IP Binding
Per-port and per-VLAN MAC learning limit
Port Mirroring
Radius Accounting
Radius CoA (Change of Authority)
sFlow
Sticky MAC and MAC Limit
Wake on LAN
*Requires ‘Advanced Features’ License.

High Availability

Multi-Chassis Link Aggregation (MCLAG)

Quality of Service

Egress priority tagging
Explicit Congestion Notification
IEEE 1588 PTP (Transparent Clock)
IEEE 802.1p Based Priority Queuing
IP TOS/DSCP Based Priority Queuing
Percentage Rate Control

Management

Automation Stitches
Display Average Bandwidth and Allow Sorting on Physical Port / Interface Traffic
Dual Firmware Support
HTTP / HTTPS
IPv4 and IPv6 Management
Link Monitor
Managed from FortiGate
Packet Capture
POE Control Modes
Provide warning if L2 table is getting full
RMON Group 1
SNMP v1/v2c/v3
SNMP v3 traps
SNTP
Software download/upload: TFTP/FTP/GUI
SPAN, RSPAN, and ERSPAN
Standard CLI and Web GUI Interface
Support for HTTP REST APIs for Configuration and Monitoring
Syslog UDP/TCP
System alias command
System Temperature and Alert
Telnet / SS

RFC and MIB Support*

BFD

RFC 5880: Bidirectional Forwarding Detection (BFD)
RFC 5881: Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop)
RFC 5882: Generic Application of Bidirectional Forwarding Detection (BFD)

BGP

RFC 1771: A Border Gateway Protocol 4 (BGP-4)
RFC 1965: Autonomous System Confederations for BGP
RFC 1997: BGP Communities Attribute
RFC 2545: Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing
RFC 2796: BGP Route Reflection - An Alternative to Full Mesh IBGP
RFC 2842: Capabilities Advertisement with BGP-4
RFC 2858: Multiprotocol Extensions for BGP-4
RFC 4271: BGP-4
RFC 6286: Autonomous-System-Wide Unique BGP Identifier for BGP-4
RFC 6608: Subcodes for BGP Finite State Machine Error
RFC 6793: BGP Support for Four-Octet Autonomous System (AS) Number Space
RFC 7606: Revised Error Handling for BGP UPDATE Messages
RFC 7607: Codification of AS 0 Processing
RFC 7705: Autonomous System Migration Mechanisms and Their Effects on the BGP
AS_PATH Attribute
RFC 8212: Default External BGP (EBGP) Route Propagation Behavior without Policies
RFC 8654: Extended Message Support for BGP

DHCP

RFC 2131: Dynamic Host Configuration Protocol
RFC 3046: DHCP Relay Agent Information Option
RFC 7513: Source Address Validation Improvement (SAVI) Solution for DHCP

IP/IPv4

RFC 2697: A Single Rate Three Color Marker
RFC 3168: The Addition of Explicit Congestion Notification (ECN) to IP
RFC 5227: IPv4 Address Conflict Detection
RFC 5517: Cisco Systems' Private VLANs: Scalable Security in a Multi-Client Environment
RFC 7039: Source Address Validation Improvement (SAVI) Framework

IP Multicast

RFC 2710: Multicast Listener Discovery (MLD) for IPv6 (MLDv1)
RFC 3569: An Overview of Source-Specific Multicast (SSM)
RFC 4541: Considerations for Internet Group Management Protocol (IGMP) and Multicast
Listener Discovery (MLD) Snooping Switches
RFC 4605: Internet Group Management Protocol (IGMP)/Multicast Listener Discovery
(MLD)-Based Multicast Forwarding (“IGMP/MLD Proxying”)
RFC 4607: Source-Specific Multicast for IP

IPv6

RFC 2464: Transmission of IPv6 Packets over Ethernet Networks: Transmission of IPv6
Packets over Ethernet Networks
RFC 2474: Definition of the Differentiated Services Field (DS Field) in the and IPv6
Headers (DSCP)
RFC 2893: Transition Mechanisms for IPv6 Hosts and Routers
RFC 4213: Basic Transition Mechanisms for IPv6 Hosts and Router
RFC 4291: IP Version 6 Addressing Architecture
RFC 4443: Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version
6 (IPv6) Specification
RFC 4861: Neighbor Discovery for IP version 6 (IPv6)
RFC 4862: IPv6 Stateless Address Auto configuration
RFC 5095: Deprecation of Type 0 Routing Headers in IPv6
RFC 6724: Default Address Selection for Internet Protocol version 6 (IPv6)
RFC 7113: IPv6 RA Guard
RFC 8200: Internet Protocol, Version 6 (IPv6) Specification
RFC 8201: Path MTU Discovery for IP version 6

IS-IS

RFC 1195: Use of OSI IS-IS for Routing in TCP/IP and Dual Environments
RFC 5308: Routing IPv6 with IS-IS

MIB

RFC 1213: MIB II parts that apply to FortiSwitch 100 units
RFC 1354: IP Forwarding Table MIB
RFC 1493: Bridge MIB
RFC 1573: SNMP MIB II
RFC 1643: Ethernet-like Interface MIB
RFC 1724: RIPv2-MIB
RFC 1850: OSPF Version 2 Management Information Base
RFC 2233: The Interfaces Group MIB using SMIv2
RFC 2618: Radius-Auth-Client-MIB
RFC 2620: Radius-Acc-Client-MIB
RFC 2665: Definitions of Managed Objects for the Ethernet-like Interface Types
RFC 2674: Definitions of Managed Objects for Bridges with Traffic Classes, Multicast
Filtering and Virtual LAN extensions
RFC 2787: Definitions of Managed Objects for the Virtual Router Redundancy Protocol
RFC 2819: Remote Network Monitoring Management Information Base
RFC 2863: The Interfaces Group MIB
RFC 2932: IPv4 Multicast Routing MIB
RFC 2934: Protocol Independent Multicast MIB for IPv4
RFC 3289: Management Information Base for the Differentiated Services Architecture
RFC 3433: Entity Sensor Management Information Base
RFC 3621: Power Ethernet MIB
RFC 6933: Entity MIB (Version 4)

OSPF

RFC 1583: OSPF version 2
RFC 1765: OSPF Database Overflow
RFC 2328: OSPF version 2
RFC 2370: The OSPF Opaque LSA Option
RFC 2740: OSPF for IPv6
RFC 3101: The OSPF Not-So-Stubby Area (NSSA) Option
RFC 3137: OSPF Stub Router Advertisement
RFC 3623: OSPF Graceful Restart
RFC 5340: OSPF for IPv6 (OSPFv3)
RFC 5709: OSPFv2 HMAC-SHA Cryptographic Authentication
RFC 6549: OSPFv2 Multi-Instance Extensions
RFC 6845: OSPF Hybrid Broadcast and Point-to-Multipoint Interface Type
RFC 6860: Hiding Transit-Only Networks in OSPF
RFC 7474: Security Extension for OSPFv2 When Using Manual Key Management
RFC 7503: OSPF for IPv6
RFC 8042: CCITT Draft Recommendation T.4
RFC 8362: OSPFv3 Link State Advertisement (LSA) Extensibility

OTHER

RFC 2030: SNTP
RFC 3176: InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and
Routed Networks
RFC 3768: VRRP
RFC 3954: Cisco Systems NetFlow Services Export Version 9
RFC 5101: Specification of the IP Flow Information Export (IPFIX) Protocol for the
Exchange of Flow Information
RFC 5798: VRRPv3 (IPv4 and IPv6)

RADIUS

RFC 2865: Admin Authentication Using RADIUS
RFC 2866: RADIUS Accounting
RFC 4675: RADIUS Attributes for Virtual LAN and Priority Support
RFC 5176: Dynamic Authorization Extensions to Remote Authentication Dial In User
Service (RADIUS)

RIP

RFC 1058: Routing Information Protocol
RFC 2080: RIPng for IPv6
RFC 2082: RIP-2 MD5 Authentication
RFC 2453: RIPv2
RFC 4822: RIPv2 Cryptographic Authentication

SNMP

RFC 1157: SNMPv1/v2c
RFC 2571: Architecture for Describing SNMP
RFC 2572: SNMP Message Processing and Dispatching
RFC 2573: SNMP Applications
RFC 2576: Coexistence between SNMP versions

Hardware Specifications

Total Network Interfaces

48x GE RJ45 and 4x 10GE SFP+

Dedicated Management 10/100 Port

RJ-45 Serial Console Port

Form Factor

1 RU Rack Mount

Power over Ethernet (PoE) Ports

PoE Power Budget

Mean Time Between Failures

> 10 years

System Specifications

Switching Capacity (Duplex)

176 Gbps

Packets Per Second (Duplex)

260 Mpps

MAC Address Storage

32 K

Network Latency

< 1µs

VLANs Supported

Link Aggregation Group Size

Total Link Aggregation Groups

Packet Buffers

2 MB

Memory

512 MB DDR3

Flash

64 MB

ACL

Spanning Tree Instances

Dimensions

Height x Depth x Width (inches)

1.73 x 10.24 x 17.32

Height x Depth x Width (mm)

44 x 260 x 440

Weight

7.63 lbs (3.46 kg)

Environment

Power Required

100–240V AC, 50-60 Hz

Power Supply

AC built in

Redundant Power

Power Consumption* (Average / Maximum)

55.8 W / 57 W

Heat Dissipation

194.37 BTU/h

Operating Temperature

32°F to 113°F (0°C to 45°C)

Storage Temperature

-4°F to 158°F (-20°C to 70°C)

Humidity

10% to 90% non-condensing

Air-Flow Direction

side-to-side

Noise Level

42.8 dBA

Ordering Information

Fortinet Corporate Social Responsibility Policyrn

Fortinet is committed to driving progress and sustainability for all through cybersecurity, with respect for human rights andrnethical business practices, making possible a digital world you can always trust. You represent and warrant to Fortinet that yournwill not use Fortinet’s products and services to engage in, or support in any way, violations or abuses of human rights, includingrnthose involving illegal censorship, surveillance, detention, or excessive use of force. Users of Fortinet products are requiredrnto comply with the Fortinet EULA and report any suspected violations of the EULA via the procedures outlined in the FortinetrnWhistleblower Policy.