Feature Matrix for FortiSwitchOS 7.4.

The following table lists the FortiSwitch features in Release 7.4.2 that are supported on each series of FortiSwitch models. All features are available in Release 7.4.2, unless otherwise stated. Features marked with 
are supported by FortiSwitch units in standalone mode; features marked with are supported in both standalone and in managed mode. Security Fabric features are available exclusively in managed mode when
supported by the FortiOS version.

Feature GUI FSR-112D- FSR-124D FSR-424F- 1xxE, 1xxF 200 Series 4xxE 500 Series 6xxF 1024D, 1024E, 2048F 3032E
Supported POE POE 1048E, T1024E

Security Fabric (exclusively in managed mode)

Centralized configuration

Centralized firmware
management
Automated detection and
recommendations
Syslog collection —

Device detection

Network device detection — — —

Block intra-VLAN traffic (See

note 7.)
Host quarantine

Integrated FortiGate network

access control (NAC)
function
NAC LAN segments (See
note 12.)
FortiGuard IoT identification

Support of matching
FortiClient EMS tags in NAC
policies
Support of matching IoT/OT
vulnerabilities in NAC
policies
Feature GUI FSR-112D- FSR-124D FSR-424F- 1xxE, 1xxF 200 Series 4xxE 500 Series 6xxF 1024D, 1024E, 2048F 3032E
Supported POE POE 1048E, T1024E

Dynamic port policies

FortiSwitch VLANs over — — — — — — — — — —

VXLAN (1024E, 1048E,
T1024E)
FortiLink management over — — — — — — —
VXLAN
FortiView Internal Hubs — —

NAC device telemetry — — —

Inter-VLAN routing offload — — — — — — — — —

(See note 19.)
FortiLink Secure Fabric — —
authentication
FortiLink Secure Fabric — —
encryption
FortiLink using HTTPS —

Management and Configuration

CPLD software upgrade — — — — — — — —  1024D — —

support for OS
Firmware image rotation —    124F, 124F-       
(dual-firmware image POE, 124F-
FPOE, 148E,
support)
148E-POE,
148F, 148F-
POE, 148F-
FPOE
HTTP REST APIs for —           
configuration and monitoring
Support for switch SNMP OID

IP conflict detection and            

notification
FortiLAN Cloud configuration            

FortiSwitch Manager            
configuration
Auto topology —
Feature GUI FSR-112D- FSR-124D FSR-424F- 1xxE, 1xxF 200 Series 4xxE 500 Series 6xxF 1024D, 1024E, 2048F 3032E
Supported POE POE 1048E, T1024E

Security and Visibility

RADIUS for administrative —           

authentication
TACACS+ for administrative —           
authentication
802.1X port mode

802.1X MAC-based mode

802.1X MAC-based mode: Wake- —           

on-LAN
User-based (802.1X) VLAN
assignment
802.1x: priority for dynamic or —
egress VLAN assignment
802.1X: MAB

802.1X: MAB entry aging

open-auth mode 

MAC move — —       —   

802.1X/MAB priority —           

Support of the RADIUS Partial

accounting server
Support of RADIUS CoA and —
disconnect messages
EAP pass-through

IP-MAC binding (IPv4)  — — — — — — —

sFlow (IPv4) 
(124F, 148E,
148F)
Flow export (IPv4)  —
(124F, 148F)
ACL (IPv4) (See note 16.)  

ACL (IPv6 ingress) — — —  —    —   

Feature GUI FSR-112D- FSR-124D FSR-424F- 1xxE, 1xxF 200 Series 4xxE 500 Series 6xxF 1024D, 1024E, 2048F 3032E
Supported POE POE 1048E, T1024E

Multistage ACL (IPv4)  — — — — — —  —   

Multiple ingress ACLs (IPv4)  —   —    —   

Schedule for ACLs (IPv4) — —       —   

Dynamic ACLs (IPv4) — —       —   

ACL: color marking (IPv4)  — —  —    —   

DHCP snooping (See note

15.)
DHCPv6 snooping  — —  —    —   

DHCP-snooping static entries —

(IPv4)
DHCP-snooping option 82 — —

Allowed DHCP server list 

Flap guard —

IP source guard (IPv4)  — — — — — —

IP source-guard violation log — —   —   — — — —

Dynamic ARP inspection (IPv4)  — —

ARP timeout value —           

RMON group 1 —           

Reliable syslog —           

Packet capture —
(124F, 148E,
148F)
MACsec: PSK mode (See note 6.)  — — — — — — — — —
(1024E,
T1024E)
MACsec: Dynamic-CAK mode  — — — — — — — — —
(See note 6.) (1024E,
T1024E)
Feature GUI FSR-112D- FSR-124D FSR-424F- 1xxE, 1xxF 200 Series 4xxE 500 Series 6xxF 1024D, 1024E, 2048F 3032E
Supported POE POE 1048E, T1024E

FIPS 140-2 (Level 2) support — — — — — — —

(424E, 424E- (1024E, 1048E,
FPOE, T1024E)
M426E-
FPOE, 424E-
Fiber, 448E,
448E-FPOE)
OS image signature verification  — —     — — 1024E, 1048E,  
(See note 17.) T1024E
Network monitor  —       —   

Layer 2

Link aggregation group size  8 8 8 8 8 8 24/48 28/56 24/48 48 24/64

(maximum number of ports)
(See note 2.)
LAG min-max bundle —

LACP fallback mode —        —   

IPv6 RA guard —        —   

IGMP snooping 

IGMP proxy 

IGMP querier —

MLD snooping  — — — — — —  —   

MLD proxy  — — — — — —  —   

MLD querier  — — — — — —  —   

LLDP transmit —

LLDP-MED —

LLDP-MED: ELIN support 

MAC learning limit (See note 3.) — — — —

Learning-limit violation log  — — —

(See note 3.)
Feature GUI FSR-112D- FSR-124D FSR-424F- 1xxE, 1xxF 200 Series 4xxE 500 Series 6xxF 1024D, 1024E, 2048F 3032E
Supported POE POE 1048E, T1024E

Learning-limit violation action —         — — —

set mac-violation-timer —

Sticky MAC 

Warning when the layer-2 — —   —    — — — —

table is getting full
MSTP instances — 0-15 0-15 0-15 0-15 0-15 0-15 0-32 0-32 0-32 0-32 0-32

STP root guard

STP BPDU guard

Rapid PVST interoperation —

'forced-untagged' or 'force- —
tagged' setting on switch
interfaces
Private VLANs  —   —    —   

Multi-stage load balancing — — — — — — — — —   

Priority-based flow control — — — — — — —  —   

Ingress pause metering — — — — — —

(1024D, 1048E)
Storm control 

Per-port storm control 

Global burst-size control  —

MAC/IP/protocol-based            
VLAN assignment
Virtual wire  —   —    —   

Loop guard 

Percentage rate control — — —

VLAN stacking (QnQ)  —   —    —   

Feature GUI FSR-112D- FSR-124D FSR-424F- 1xxE, 1xxF 200 Series 4xxE 500 Series 6xxF 1024D, 1024E, 2048F 3032E
Supported POE POE 1048E, T1024E

VLAN mapping (See note     124F, 124F-    —   

13.) POE, 124F-
FPOE, 148F,
148F-POE,
148F-FPOE
SPAN 

RSPAN and ERSPAN (IPv4)  —

(RSPAN) (RSPAN)
FortiOS one-arm sniffer — —
(RSPAN) (RSPAN)
Traffic policy (policer) — — — —

Flow control —

Layer 3

VXLAN (hardware based) — — — — — — — — —   

(1024E, 1048E,
T1024E)
VXLAN: STP virtual root — — —  — —   —   —
(1024E, 1048E,
T1024E)
VXLAN: ECMP — — — — — — — — —   
(1024E, 1048E,
T1024E)
RVI — — —  — — 448E, 448E-     
FPOE, 448E-
POE, 424E-
Fiber
Link monitor (IPv4/IPv6)            

Static routing (IPv4/IPv6) (See  —          

note 9.)
Software-based routing only   — —  — — —  — — —
(IPv4/IPv6) (IPv6)
Hardware-based routing  —   —       
(IPv4/IPv6) (IPv4)
ECMP with hardware-based — — — — — —      
routing (IPv4/IPv6) (IPv4)
Feature GUI FSR-112D- FSR-124D FSR-424F- 1xxE, 1xxF 200 Series 4xxE 500 Series 6xxF 1024D, 1024E, 2048F 3032E
Supported POE POE 1048E, T1024E

Static BFD (IPv4/IPv6)            

(IPv4)
uRPF — — — — — — —  —   

DHCP relay (IPv4)  —          

DHCP server (IPv4)            

Layer 3: Requires Advanced Features License

Policy-based routing (IPv4)  — —  —    —   

VRF (IPv4/IPv6)  — — — — — —     
(IPv4)
OSPF (IPv4/IPv6)  — —  —       

BFD for OSPF (IPv4/IPv6)  — —  —       

OSPF database overflow — — —  —       

protection (IPv4)
OSPF graceful restart (IPv4, — — —  —       
helper mode only)
OSPF: VRF support (IPv4)  — — — — — —     

RIP (IPv4/IPv6)  — —  —       

BFD for RIP (IPv4/IPv6) — — —  —       

VRRP (IPv4/IPv6)  — —  —       
(IPv4)
BGP (IPv4/IPv6) — — —  — —      

BFD for BGP (IPv4/IPv6) — — —  — —      

IS-IS (IPv4/IPv6)  — —  —       

BFD for IS-IS (IPv4/IPv6) — — —  —       

PIM (IPv4)  — — — — —   —   

VXLAN: BGP EVPN — — — — — — — — —   

(1024E, 1048E,
T1024E)
Feature GUI FSR-112D- FSR-124D FSR-424F- 1xxE, 1xxF 200 Series 4xxE 500 Series 6xxF 1024D, 1024E, 2048F 3032E
Supported POE POE 1048E, T1024E

VXLAN: Duplicate address — — — — — — — — —   

detection (1024E, 1048E,
T1024E)
VXLAN: ARP/ND — — — — — — — — —   
suppression (1024E, 1048E,
T1024E)
High Availability

MCLAG (multichassis link Partial — — — —

aggregation group)
STP supported in MCLAGs — — — — —

IGMP snooping support in MCLAG  — — — —

Layer-3 (IPv4) routing in MCLAG — — — VRRP and — VRRP and VRRP and  —   
static static static
High-Availability Seamless — — —  — — — — — — — —
Redundancy (HSR) (See note 20.)
Parallel Redundancy Protocol — — —  — — — — — — — —
(PRP) (See note 20.)
MRP —   — — — — — — — — —

Quality of Service

802.1p support, including  — —

priority queuing trunk and
WRED (See note 18.)
QoS queue counters — — — —

Tail-drop policy  —       —   

RED drop policy  —  — —  — — — — — —

WRED drop policy  — —  — —   —   

Egress drop mode — — — — — — —  —   

QoS marking (IPv4/IPv6) — —   —    —   

Summary of configured queue — —

mappings
Egress priority tagging (IPv4/IPv6) — — — —
Feature GUI FSR-112D- FSR-124D FSR-424F- 1xxE, 1xxF 200 Series 4xxE 500 Series 6xxF 1024D, 1024E, 2048F 3032E
Supported POE POE 1048E, T1024E

ECN (IPv4/IPv6)  — — — — —

Real-time egress queue rates — — —  148F, 148F-    —   

(See note 11.) POE, 148F-
FPOE
Miscellaneous

PoE-pre-standard detection (See — — — — —

note 1.) (1xxE-POE)
PoE modes support: first — — — —
come, first served or priority (1xxE-POE)
based (PoE models)
Perpetual PoE (See notes 1 and — — —  — — — — — —
14.)
PoE disconnection type — — —  —   — — — — —

Split port (See note 5.) Partial — — — — — — — —

(1024E, 1048E,
T1024E)
TDR (time-domain — — — — —
reflectometer)/cable
diagnostics support
Auto module max speed detection  — — — — — —     —
and notification
Monitor system temperature —           
(threshold configuration and
SNMP trap support) (See
note 10.)
MAC notification SNMP trap —           

Cut-through switching — — — — — — — — — 1024D — 

Add CLI to show the details of port —

statistics
Configuration of the QSFP low- — — — — — — —  — 1024E, 1048E,  
power mode T1024E
Energy-efficient Ethernet          — — —

PHY Forward Error Correction — — — — — — — —  1024E, 1048E,  

(See note 4.) T1024E
PTP version 2 transparent clock — — — — —
(IPv4/IPv6) (See note 8.) (1024E, 1048E,
Feature GUI FSR-112D- FSR-124D FSR-424F- 1xxE, 1xxF 200 Series 4xxE 500 Series 6xxF 1024D, 1024E, 2048F 3032E
Supported POE POE 1048E, T1024E

T1024E)
Alias commands —           

Automation stitches —           

Multiple path traceroute            

Wake-on-LAN packets —           

Save event log in flash — —   —    —   

memory

Notes
1. PoE features are applicable only to the model numbers with a POE or FPOE suffix.
2. The 24-port LAG is applicable to FS-524D, FS-524-FPOE, FS-1024D, and FS-3032D models. The 48-port LAG is applicable to FS-548D, FS-548-FPOE, and FS-1048D models.
3. The per-VLAN MAC learning limit is not supported on the FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-
POE, FS-124F-FPOE, FS-448D, FS-448D-POE, FS-448D-FPOE, FS-248E-POE, FS-248E-FPOE, and FS-248D models. The per-trunk MAC learning limit is not supported on the FS-448D, FS-448D-POE, FS-
448D-FPOE, FS-248E-POE, FS-248E-FPOE, and FS-248D models.
4. Supported only in 100G mode (clause 91).
5. On the FS-3032E, you can split one port at the full base speed, split one port into four sub-ports of 25-Gbps each (100G QSFP only), or split one port into four sub-ports of 10-Gbps each (40G or 100G QSFP).
6. Supported on the 10G ports on the FS-5xxD models, the 10G and 100G ports on the FS-1024E model, and the 100G ports on the FS-T1024E model.
7. The maximum number of access VLANs on the FS-1xxE, FS-108F, FS-108F-POE, and FS-108F-FPOE models is 16; the maximum number of access VLANs on the FS-148F models is 32.
8. PTP is not supported on the FS-248E, FS-248E-POE, FS-248E-FPOE, FS-448D, FS-448D-POE, and FS-448D-FPOE models. The FSR-424F-POE model supports PTP transparent clock with IPv4 addresses
only.
9. In managed mode, static routing is supported exclusively for system management and connectivity to Security Fabric connectors.
10. This feature is not supported by the FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124F, and FS-224E models.
11. The FS-148F, FS-148F-POE, and FS-148F-FPOE models report the drop rate as 0 or +VE for a positive rate.
12. There are some limitations on LAN segments on the FSR-112D-POE, FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-148E,
and FS-148E-POE models. See the FortiLink Guide (FortiOS 7.4.2) for details.

13. Partial VLAN mapping is supported by the FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148F, FS-148F-POE, FS-148F-FPOE, and FSR-112D-POE models. See the FortiSwitchOS Administration Guide 7.2.0
for details.

14. When the FortiSwitch unit is using poe-port-power perpetual-fast, the following BIOS versions are required: 4000014 or higher for FS-108E-POE, FS-108E-FPOE, FS-124E-POE, and FS-124E-FPOE;
4000011 or higher for FS-148E-POE; 4000006 or higher for FS-108F-FPOE; and 4000007 or higher for FS-108F-POE.
 15. The FS-1xx models allow you to enable DHCP snooping on a maximum of 25 VLANs.

16. Only the ACL ingress policy is supported in FortiLink mode. The following FortiSwitch models do not support ACL in FortiLink mode: FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-
108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE, and FSR-112D-POE.

17. OS image signature verification is not supported on the FS-224D-FPOE and FS-248D models.

18. The FS-1xxE and FS-1xxF models support a single QoS map. If there is more than one QoS map, the first configured map is used.

19. Inter-VLAN routing offload requires an advanced features license.

20. HSR and PRP can also be used with FortiLink. For more details, see the FortiLink Guide.
Copyright© 2023 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of
Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network
environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General
Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For
absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features, or development, and circumstances may change such that any forward-looking
statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the
publication shall be applicable.