Netgate Discussion Forum

Help for interconnecting firewall and multiple switches

  • R
    rb_it_pf
    last edited by rb_it_pf Feb 11, 2020, 5:10 PM Feb 11, 2020, 5:08 PM

    I am relatively new to interconnecting firewalls and multiple switches. If anyone has any tips on how to connect the following hardware with consideration for my network, I'd greatly appreciate it. BTW: I have never used SFP ports or link aggregation, just simple VLAN tagging over a single link.

    My firewall is a Netgate XG-2758. It consists of 2x SFP+, 4x GbE ports, and the 4 port 1GB expansion card. Downstream from the XG, I have two managed switches: a) HPE OfficeConnect 1920S 48G (4SFP), and b) HPE OfficeConnect 1820 24G (with 2SFP). My network consists of approximately 10 VLANs, 2 WANs, and a single network management VLAN. A point of sale system sits on one of my 10 VLANs, and I would like to dedicate the HPE 1820 24G to that specific network.

    What is the best way to connect up my XG to the two HPE switches?

    • Should I use SFP+ on my firewall to connect up to the two HPE switches' SFP ports? If so, how should I patch them together? Are there any compatibility issues between SFP and SFP+ that I need to be aware of? Do the switches or does the firewall require any specific configuration? I don't have any transceivers, or optical cable.
    • Should I use link aggregation on the firewall's 1GbE ports? For example, I could define the 4 expansion ports on the XG as a LAGG interface, patching into 4 ports on the HPE 1920S 48G. From there I could take a single, tagged link connecting it up to the HPE 1820 24G which is dedicated to the point of sale VLAN. I should note that I do all of my routing/access rules at the pfSense.

    A side question: is it bad practice, or even possible, to define multiple uplinks on a managed switch to a single firewall? These uplinks would connect to several dedicated 1GbE ports on the firewall. The switch would be sectioned into several port groups, each with its own uplink to a dedicated 1GbE interface on the firewall.

    Thank you.

    • R
      rb_it_pf
      last edited by Feb 12, 2020, 1:36 PM

      Update:
      I have decided to use LAGG to distribute traffic from the XG to the first switch, HPE 1920S-48G.

      Would it be recommended to continue using LAGG from the HPE 1920 to my second switch, HPE OfficeConnect 1820 24G? Can I simply tag a port with VLANs needed for switch two? Bandwidth needs are minimal for the VLANs dedicated on this second switch.

      Thanks.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.