Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 40 subscribers
  • Views 4693 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Best Practices for Sophos XG 310 Network Switches - Layer2 Layer3

Rene Glasow

Do I need a Layer 3 Switch to manage my VLAN with the Sophos XG 310? I am planning a HA-Setup with two Sophos XG 310 appliances and three VLANs in total.

I read so many different opinions and I am kind of confused, if a L3 Switch is necessary. So can someone please explain to me what are the pros of L3?

I also read of some L2+ Switches.



This thread was automatically locked due to age.
Parents
  • 0

    Depending on your desired setup.

    A Layer 3 Switch will route the traffic directly between the VLANs. 

    A Layer 2 Switch will forward the traffic to XG and XG will route the traffic. 

     

    Pros  / Cons are like always:

    If XG sees the traffic, it can do something. 

    L3 Switches are likely more expensive.

    L3 switches are likely to be faster. 

     

    Both will work. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Thanks for your fast answer!

    But this doesn´t mean that with a L3 I am not able to route/scan the internal traffic?

  • 0 in reply to Rene Glasow

    As a Layer 3 switch will route the traffic directly, XG cannot see the traffic. Thats the porpuse of a Layer3 Switch. It will directly connect both networks and route the traffic from Subnet A to Subnet B. XG is not involved. Only traffic to the default gateway for example will be scan able by XG. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Thanks again. So with your previous answers, I would build it like this? We also have one 10GB backbone and I would use two 10GB L2 switches (orange). Would this setup do the work?

  • 0 in reply to Rene Glasow

    You would point all VLANs to the XG and XG will do the routing. Yes. 

    __________________________________________________________________________________________________________________

Reply Children
  • 0 in reply to LuCar Toni

    Ok, one dumb last question (I hope). :)

    I initially planned with L3 all the way through the network.

    With this great information I received now from you, does it still make sense at all to go with L3 switches behind those 3 VLAN L2 switches?

    We are a liiittle bit on a budget right now and looking for the best solution that is still easy to maintain.

  • 0 in reply to Rene Glasow

    Depends on the speed you want to archieve. As a Layer 3 switch can likely get the 10 GBit/s throughput, XG310 could slow down this a bit. 

    (IPS and other services will slow down the speed compared to a backbone "plain" routing device). 

    Actually a L3 Switch in front of a L2 Switch does not make much sense. Maybe i misread your diagram, if those are 4 switches, i dont see the benefits of those L3 switches. They would do the same as the XG would do. If a Layer 3 switch does not hold all VLANs, it will still send the traffic to XG. 

    If a layer 3 switch holds all VLANs, it will interVLAN route the traffic. 

     

    __________________________________________________________________________________________________________________

Unfiltered HTML