Fortinet black logo

Large Campus Deployment Guide

Home FortiSwitch 7.0.0 Large Campus Deployment Guide

Design overview

7.0.0
7.4.0
7.2.0
7.0.0
Copy Link
Copy Doc ID 89ed3d92-8935-11ec-9fd1-fa163e15d75b:420648
Download PDF

Design overview

Use case and topology

The following figure shows the reference architecture:

Design concept and considerations

In the core level of the reference architecture, two FortiGate units form a high availability (HA) cluster. They manage a pair of FortiSwitch units that form an MCLAG peer group. The core-level switches interconnect to the FortiGate units and provide aggregate distribution ports. The FortiGate units function as the next-generation firewall and the Security Fabric controller; they also connect to the wide-area network (WAN). In the deployment example, the core level is the main building communications room.

The distribution level of the reference architecture is composed of multiple pairs of FortiSwitch units that form the MCLAG peer groups. The distribution-level switches interconnect to the core-level switches and aggregate multiple access switches. In the deployment example, the distribution level is the building communications room.

The access level of the reference architecture consists of the following:

  • Multiple pairs of FortiSwitch units forming the MCLAG peer groups

  • Multiple dual-homed access switches

  • Multiple access switches in a ring topology

The access-level switches interconnect endpoints to the network and enforce security at the access ports. In the deployment example, the access level is one floor of each building.

Previous
Next

Design overview

Use case and topology

The following figure shows the reference architecture:

Design concept and considerations

In the core level of the reference architecture, two FortiGate units form a high availability (HA) cluster. They manage a pair of FortiSwitch units that form an MCLAG peer group. The core-level switches interconnect to the FortiGate units and provide aggregate distribution ports. The FortiGate units function as the next-generation firewall and the Security Fabric controller; they also connect to the wide-area network (WAN). In the deployment example, the core level is the main building communications room.

The distribution level of the reference architecture is composed of multiple pairs of FortiSwitch units that form the MCLAG peer groups. The distribution-level switches interconnect to the core-level switches and aggregate multiple access switches. In the deployment example, the distribution level is the building communications room.

The access level of the reference architecture consists of the following:

  • Multiple pairs of FortiSwitch units forming the MCLAG peer groups

  • Multiple dual-homed access switches

  • Multiple access switches in a ring topology

The access-level switches interconnect endpoints to the network and enforce security at the access ports. In the deployment example, the access level is one floor of each building.

Previous
Next