Wireless/switch/vlan setup

Question

Typical network 
 
 ISP modem (bridged mode) -> Sophos firewall port 2 
 Firewall port 1 -> Sophos 1000 series switch port 28 (through an RJ45/SFP adapter) 
 Switch port 2,4,6,8,10 -> APX120 1,2,3,4,5 
 
 VLAN Requirement 
 
 Staff VLAN (10) 
 Guest VLAN (20) 
 VoIP VLAN (30) 
 Networking devices VLAN (40) 
 
 I plan to set up network as following. Is it about correct? 
 1) Add four VLANs to Port 1 
 
 Staff: 10.10.10.1/24 
 Guest: 10.10.20.1./24 
 VoIP: 10.10.30.1/24 
 Networking: 10.10.40.1/24 
 
 2) Add DCHP servers accordingly 
 3) Add a new zone (Guest) and add Guest VLAN to this zone 
 4) All APs: VLAN 40 (networking) 
 5) Add a Staff WiFi SSID, VLAN tag 10 
 6) Add a Guest WiFi SSID, VLAN tag 20 
 7) Switch port 2,4,6,,8,10: untagged VLAN 1; tagged VLAN 10,20,30,40 
 8) Switch port 28: untagged VLAN 1; tagged VLAN 10,20,30,40 
 9) Switch port 12,14,16,18,20: untagged VLAN 30, tagged VLAN 10 (those ports connect to VoIP phones, which have a PC port for staff desktop PC). Does Sophos support LLDP-MED? I believe so, as staff PC will need to stay in VLAN 10 (Staff), not 30 (VoIP) 
 Thanks!

Raphael Alganes · Answer

Hello myu_satech , 
 Good day and thanks for reaching out to Sophos Community. 
 Networking setup should be good. On additional, Switch uplink to FW should be trunked and VLAN interfaces must be created on FW (Port1) alongside with it are respective Firewall rules for traffic control and access to internet. On #9 kindly note LLDP-MED feature is only available on PoE model switches. https://www.sophos.com/en-us/products/sophos-switch/features 
 Further, I may recommend you to be in touch with your Sophos Sales Engineer / local Sophos Partner for implementation type of activities in the future. I believe they could be of further guidance on these engagements. 
 Have a nice day and thank you for choosing Sophos. 
 Cheers,