Netgate Discussion Forum

    Help for interconnecting firewall and multiple switches

    2 Posts 1 Posters 301 Views
      rb_it_pf
      last edited by rb_it_pf

      I am relatively new to interconnecting firewalls and multiple switches. If anyone has any tips on how to connect the following hardware with consideration for my network, I'd greatly appreciate it. BTW: I have never used SFP ports or link aggregation, just simple VLAN tagging over a single link.

      My firewall is a Netgate XG-2758. It consists of 2x SFP+, 4x GbE ports, and the 4 port 1GB expansion card. Downstream from the XG, I have two managed switches: a) HPE OfficeConnect 1920S 48G (4SFP), and b) HPE OfficeConnect 1820 24G (with 2SFP). My network consists of approximately 10 VLANs, 2 WANs, and a single network management VLAN. A point of sale system sits on one of my 10 VLANs, and I would like to dedicate the HPE 1820 24G to that specific network.

      What is the best way to connect up my XG to the two HPE switches?

      • Should I use SFP+ on my firewall to connect up to the two HPE switches' SFP ports? If so, how should I patch them together? Are there any compatibility issues between SFP and SFP+ that I need to be aware of? Do the switches or does the firewall require any specific configuration? I don't have any transceivers or optical cable.
      • Should I use link aggregation on the firewall's 1GbE ports? For example, I could define the 4 expansion ports on the XG as a LAGG interface, patching into 4 ports on the HPE 1920S 48G. From there I could take a single, tagged link connecting it up to the HPE 1820 24G which is dedicated to the point of sale VLAN. I should note that I do all of my routing/access rules at the pfSense.

      A side question: is it bad practice or even possible to define multiple uplinks on a managed switch to a single firewall? These uplinks would connect to several dedicated 1GbE ports on the firewall. The switch would be sectioned into several port groups, each with its own uplink to a dedicated 1GbE interface on the firewall.

      Thank you.

        rb_it_pf

        Update:
        I have decided to use LAGG to distribute traffic from the XG to the first switch, HPE 1920S-48G.

        Would it be recommended to continue using LAGG from the HPE 1920 to my second switch, HPE OfficeConnect 1820 24G? Can I simply tag a port with VLANs needed for switch two? Bandwidth needs are minimal for the VLANs dedicated on this second switch.

        Thanks.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.