Introduction
FortiSwitch Manager (FSWM) is the on-premise management platform for the FortiSwitch product. FortiSwitch units connect to FSWM over the layer-3 network. You can configure a large number of FortiSwitch units with this FortiSwitch-management-only platform. FortiSwitch Manager provides a user experience consistent with the FortiLink Switch Controller.
This document provides the following information for FortiSwitch Manager 7.2.2 build 0122.
Supported models
FortiSwitch Manager 7.2.2 supports the following models:
| FortiSwitch 1xx | FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE |
| FortiSwitch 2xx | FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248E-FPOE |
| FortiSwitch 4xx | FS-424E, FS-424E-POE, FS-424E-FPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448E, FS-448E-POE, FS-448E-FPOE |
| FortiSwitch 5xx | FS-524D, FS-524D-FPOE, FS-548D, FS-548D-FPOE |
| FortiSwitch 1xxx | FS-1024D, FS-1024E, FS-1048E, FS-T1024E |
| FortiSwitch 3xxx | FS-3032E |
| FortiSwitch Rugged | FSR-112D-POE, FSR-124D, FSR-424F-POE |
Refer to the FortiSwitch feature matrix for details about the features supported by each FortiSwitch model.
Compatibility
FortiSwitch Manager 7.2.2 is compatible with FortiSwitchOS 6.4.6 build 0470 or later.
Web browser support
| Web browser |
Other web browsers might function correctly but are not supported by Fortinet. |
Virtualization environment support
|
Hypervisor |
Recommended versions |
|---|---|
|
Citrix Hypervisor |
|
| Linux KVM |
|
| Microsoft Windows Server |
|
| Windows Hyper-V Server |
|
|
Open source XenServer |
|
|
VMware ESX |
|
|
VMware ESXi |
|
System requirements
|
Number of managed FortiSwitch units |
vCPU |
Memory (GB) |
Hard disk |
|---|---|---|---|
|
1-10 |
8 (minimum 4) |
8 (minimum 4) |
1 TB (minimum 32 GB) |
| 10-100 |
16 (minimum 8) |
16 (minimum 8) |
1 TB (minimum 32 GB) |
| 100-1,000 |
32 |
32 (minimum 16) |
1 TB (minimum 32 GB) |
|
1,000-2,500 |
32 |
32 (minimum 16) |
1 TB (minimum 32 GB) |
Supported Switch Controller features
| Switch Controller Features | FortiSwitch Models |
|---|---|
|
Centralized VLAN Configuration |
D-series, E-series, F-series |
|
Switch POE Control |
D-series, E-series |
|
Link Aggregation Configuration |
D-series, E-series, F-series |
|
Spanning Tree Protocol (STP) |
D-series, E-series, F-series |
|
LLDP/MED |
D-series, E-series, F-series |
|
IGMP Snooping |
D-series, E-series, F-series |
|
802.1X Authentication (Port-based, MAC-based, MAB) |
D-series, E-series, F-series |
|
Syslog Collection |
D-series, E-series, F-series |
|
DHCP Snooping |
D-series, E-series, F-series |
|
LAG support |
D-series, E-series, F-series |
|
sFlow |
Not supported on FS-1xxE Series |
|
Dynamic ARP Inspection (DAI) |
D-series, E-series, F-series |
|
Port Mirroring |
D-series, E-series |
|
RADIUS Accounting |
D-series, E-series, F-series |
|
Centralized Configuration |
D-series, E-series, F-series |
|
STP BDPU Guard, Root Guard, Edge Port |
D-series, E-series, F-series |
|
Loop Guard |
D-series, E-series, F-series |
|
Switch admin Password |
D-series, E-series |
|
Storm Control |
D-series, E-series, F-series |
|
802.1X-Authenticated Dynamic VLAN Assignment |
D-series, E-series, F-series |
|
QoS |
Not supported on FSR-112D-POE |
|
Centralized Firmware Management |
D-series, E-series, F-series |
|
Automatic network detection and configuration |
D-series, E-series |
|
Dynamic VLAN assignment by group name |
D-series, E-series |
|
Sticky MAC addresses |
D-series, E-series, F-series |
|
NetFlow and IPFIX flow tracking and export |
D-series, E-series |
|
MSTP instances |
D-series, E-series, F-series |
|
QoS statistics |
D-series, E-series |
|
Configuring SNMP |
D-series, E-series, F-series |
|
IPv4 source guard |
FSR-124D, FS-224D-FPOE, FS-248D, FS-424D-POE, FS-424D-FPOE, FS-448D-POE, FS-448D-FPOE, FS-424D, FS-448D, FS-2xxE, and FS-4xxE |
|
Point-to-point layer-2 network supported |
D-series, E-series, F-series |
|
Dynamic detection of LLDP neighbor devices |
D-series, E-series |
|
Explicit congestion notification (ECN) |
FS-1024D, FS-1048D, FS-1048E, FS-3032D, FS-3032E, FS-4xxE, and FS-5xxD |
|
Aggregation mode selection for trunk members |
D-series, E-series |
|
Multiple attribute values sent in a RADIUS Access-Request |
D-series, E-series |
|
PTP transparent-clock mode |
FS-1048E, FS-224D, FS-224E, FS-3032D, FS-3032E, FS-424D, FS-4xxE, and FS-5xxD |
|
Rapid PVST interoperation |
D-series, E-series, F-series |
|
Flash port LEDs |
D-series, E-series |
|
Cable diagnostics |
Not supported on FSR-112D-POE, FS-1024D, FS-1048D, FS-1048E, FS-3032D, or FS-3032E |
|
Flow control |
D-series, E-series, F-series |
|
Ingress pause metering |
200 series, 400D and 400E series, 500 series, FS-1024D, FS-1048D, FS-1048E, and FS-3032D |
|
RVI |
448E, 448E-FPOE, 448E-POE, 424E-Fiber, 500 series, 1024D, 1024E,1048E, T1024E, 3032E |
|
Static routing (IPv4/IPv6) |
D-series, E-series, F-series (except FSR-112DPOE) |
|
VRF (IPv4/IPv6) |
500 series, 1024D, 1024E,1048E, T1024E, 3032E |
|
Automation stitches |
D-series, E-series, F-series |
|
Templates for managed-switch configurations |
D-series, E-series, F-series |
|
DHCP-snooping static entries (IPv4) |
D-series, E-series, F-series |
NOTE: The following features are not supported:
- High availability (HA)
- FortiLink layer-2 mode
- UTM/security services (These are not needed because FortiSwitch Manager is not in the data path.)
- Network access control (NAC)
- Hardware switch
- Remote SPAN (RSPAN)
- Quarantines
- Integration with FortiAnalyzer
Whatʼs new in FortiSwitch Manager 7.2.2
The following new features are available in FortiSwitch Manager 7.2.2:
-
You can now log dynamic MAC address events.
-
You can now configure an automation stitch by specifying a trigger and the action to be performed. The automation stitch can be triggered by logged events, switch reboots, low memory, high CPU usage, license about to expired, configuration changes, and scheduled times. The triggered action can be sending an email message, displaying an alert in the console, sending data to a uniform resource identifier (URI), running a CLI script, or performing an immediate system operation on the FortiSwitch Manager unit.
-
You can now use the CLI to do the following:
-
Create a template.
-
Copy a managed-switch configuration to a template.
-
Apply the template to a managed switch.
-
Apply the configuration of one managed switch to another managed switch.
You can manually apply configuration changes to up to 10 FortiSwitch units at a time or automatically apply changes to an unlimited number of switches using switch groups. Using templates makes it easier to configure new switches and to ensure that the same changes are made consistently to all switches of the same model.
-
-
You can now specify whether your managed FortiSwitch configuration is automatically backed up each time a user logs out or before a system upgrade is started. By default, both options are disabled.
-
You can now use the CLI to specify how often the managed FortiSwitch unit will send IGMP version-2 queries when the IGMP-snooping querier is configured.
-
You can now specify static entries for DHCP snooping and dynamic ARP inspection (DAI) by manually associating an IP address with a MAC address in the CLI.
-
You can now use the CLI to configure the Power over Ethernet (PoE) port mode (IEEE802.3 AF, IEEE802.3 AT, or IEEE802.3 BT), port priority (critical, high, medium, or low), and port power (normal, perpetual, or perpetual fast) on managed switches.
-
The Device Information column on the Switch Controller > FortiSwitch Ports page now displays the MAC address connected to that port.