Configuring Sophos XG136 Firewall port for connecting switches.

Question

We have 40 Srvers and we want all the users to connect the servers through XG-136. We have 40 Switches out of which 4 are connected to servers. All of these switches which are connected to servers I want to connect them to North End of the Firewall and our L3 will be connected to south end of the Fitewall. Servers IP addresses are 157.61.3.0/24 whereas Switches have 157.61.10.0/24 as their Managemen IP.s. Users are devided into 4 VLANs. 157.61.2.0/24, 157.61.4.0/24, 157.61.5.0/24, 157.61.6.0/24 respectively 
 Kindly advice how to configure Firewall ports for switches which are connected to servers.

FormerMember · Answer

Hi EDP AFRO , 
 EDP AFRO said: Servers IP addresses are 157.61.3.0/24 whereas Switches have 157.61.10.0/24 as their Managemen IP.s. 
 You can configure a physical interface with 157.61.10.0/24 subnet and then configure routing on Sophos Firewall to connect to server network 157.61.3.0/24 . Assuming this interface is kept in the DMZ zone. 
 EDP AFRO said: Users are devided into 4 VLANs. 157.61.2.0/24, 157.61.4.0/24, 157.61.5.0/24, 157.61.6.0/24 respectively 
 For users, you can configure VLAN interface(all are in LAN zone) on Sophos Firewall with required VLANs. 
 Sophos Firewall: Configure Virtual LAN 
 After that create a LAN to DMZ & DMZ to LAN firewall rules to allow communication between servers and users. 
 You may also reach out to Sophos Professional Services to help you to deploy and securely configure Sophos products with organization's security requirements and Sophos best practices.