• Hi,

    I'm in the process of getting rid of our old router while reworking our network. Got me a Netgate SG-5100 thinking the licensing solution is good, the software does what I'll ever want from it and the hardware should do what I describe below. But it's an impenetrable wall of geeky stuff, and man it's hard to get things right the first go, especially when you don't have a test environment.

    Small RnD lab, and IT is pretty low on my list of priorities and skills but here's what I'm after:

    Two networks. Let's say:
    LAB 10.42.0.0
    OFFICE 192.168.0.0

    I have an SG-5100 and I'd like to set the interfaces as such:
    WAN (IGB0) to fiber
    LAN (IGB1) to failover 5G
    OPT1 (ixo) uplink to LAB main switch 1
    OPT2 (ix1) uplink to LAB main switch 2
    OPT3 (ix2) uplink to OFFICE main switch 1
    OPT4 (ix2) uplink to OFFICE main switch 2

    The four switches are physically redundant pairs since the critical LAB and OFFICE equipment have at least dual ports.

    Not much traffic between these networks needed. A few MACs from both sides should have full access, and only the LAB environment needs a VPN connection.

    LAB environment would be half a dozen VMs, management, and the physical lab equipment. OFFICE environment is a mess of insecure BYOB laptops, random IoT things and old printer servers. Disgusting really. I'd like the LAB environment to be quiet and redundant, so things can break without me having to pull long weekends and all-nighters in crisis mode.

    I'm trying to make the Netgate a single point of failure, because it's easy to replace. Therefore I'd like to attach my core switches directly to the firewall and "split" the OPT interfaces into two pairs.

    I can have everything in a flat network inside these two LANs, if setting up VLANs after paired OPTs becomes convoluted.

    I think this might be a bit beyond me in skill and resource, and even somewhat extensive googling didn't get me too far.

    Any pointers? Hand holding would be appreciated, but more general hand waving in the right direction is very welcome.

    Thanks,
    Jon