PoE NGFW?

[KCL]

Does such an animal exist? Building a small office with all PoE phones and security cameras. I was hoping to do everything from the NGFW but most that I've found have a limited number of actual PoE ports.

If I do get something rated as a PoE switch, am I wrong to assume that all the ports support PoE? Example: s3410-24ts

 

[degrub]

You should be able to use separate POE injectors, but check what the phones require. Surprised the phone vendor doesn't have a recommended POE switch.

 

[thiggins]

If I do get something rated as a PoE switch, am I wrong to assume that all the ports support PoE? Example: s3410-24ts

Yes, you would be wrong. You need to check the switch specs.

 

[KCL]

Thanks -- I did read through the specs and it wasn't clear to me. But again, I am more software oriented than hardware, so some of the terminology might have blurred my interpretation. I know that the Firewall we're looking at specifically pointed out that only two of the ports were PoE.

So, is there a full PoE switch out there? Looking for at least 24 ports (hopefully stackable). Using injectors for every port seems like a bit of a kludge -- but if it's what I have to do, so be it.

 

[degrub]

Cisco probably has a few as we use their POE phones. i never looked in the closet for that aspect though.

 

[John Davis]

So, is there a full PoE switch out there? Looking for at least 24 ports (hopefully stackable). Using injectors for every port seems like a bit of a kludge -- but if it's what I have to do, so be it.

plenty of vendors do 48 port poe switches ( ubiquiti, mikrotik, cambium, engenius and of course cisco), though you still need to watch your total power budget - hopefully your phones are relatively low draw)

 

[KCL]

plenty of vendors do 48 port poe switches ( ubiquiti, mikrotik, cambium, engenius and of course cisco), though you still need to watch your total power budget - hopefully your phones are relatively low draw)

Thanks for the input, John!

Is the concern on the draw a per-port issue or total draw on the switch for all connected phones? The model I'm looking at is this Poly VVX 411 and we'll have at least 5 to start with but expect up to 10. The plan is to also be adding some PoE Cameras into the mix. Would I be better off using two smaller switches (one for cameras and one for phones) instead of one large one?


Scott.

 

[John Davis]

Thanks for the input, John!

Is the concern on the draw a per-port issue or total draw on the switch for all connected phones? The model I'm looking at is this Poly VVX 411 and we'll have at least 5 to start with but expect up to 10. The plan is to also be adding some PoE Cameras into the mix. Would I be better off using two smaller switches (one for cameras and one for phones) instead of one large one?

max draw on the vvx411 is 5w ( https://support.polycom.com/content...ther-documents/en/2016/eng-advise-ea48152.pdf ) - so they’re well within the 802.af limit ( 13W ) - it’s just that you need to make sure the total draw for ALL your devices plugged into the switch stay within the total power delivery rating of that switch.

So with 10 phones you’re going to have 50W of load on the switch - you then need to add in the load from the cameras, and size the switch appropriately in terms of it’s ability to power them all ( you do NOT want to be running the switch at 100% power load)

 

[Trip]

@KCL - Scott, an NGFW box with an integrated PoE switch, let alone one with more than 4-5 PoE ports, is a rare bird, and a dying one at that.

IMHO, your best option is the outgoing (but still available) Fortinet FortiGate 80E-POE or 81E-POE, with 12 total PoE+ ports (datasheet here). They're about $1K new, $2-5K depending on what level and length of licensing you add on. The replacement "F" series will give you considerably more throughput per dollar, but Fortinet has reduced the size of the onboard PoE+ switch down to 8 ports (datasheet here).

There are also lower port-count options from Sophos, Sonicwall and Forcepoint, but none with enough PoE ports for your use-case, plus I think Fortinet makes a better overall product and ecosystem than any of those vendors.

There's also the SMB VPN router/firewall products, like the recently EOS Cisco RV345P or DrayTek 2952P, but they're more or less completely lacking in the NGFW/UTM front when compared to the likes of a FortiGate.

Anyways, hope that helps. Any more questions, feel free.

 

[KCL]

Well, the business is going to expand (hopefully!) and will be running the phones off of the PoE ports as well. To support the phones+cameras, I settled on this for my L3 PoE switch: Cisco SG350-52P. They just upped the cameras to 10, so I thought a 24 port might get tight so I opted for the 52 port. We'll have a Cisco Firepower 1120 in front of it.

Now, I know that we're going to be doing a VPN connection with at least one mobile user. Will the above config support Cisco Anyconnect? Also, there are plans to create a second office and have a full time VPN to connect both offices during the day. My thinking was to basically duplicate the config in the new office, using the same hardware and have the NGFWs do the lifting there.

Thanks a bunch, BTW.

 

[coxhaus]

I set up 19 IP Polycom phones using Cisco small business switches and router. They worked well.

I have a thread on supporting a small business. It was my daughters' real estate office.

Is all the wiring in place? Home run as much wiring as possible. Can you fit in 1 wiring closet? Is the dmarc in your closet or do you have a run from the dmac to your closet? Is the dmarc run copper or fiber? You need to consider all this when you plan your switches.