Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 8 subscribers
  • Views 4328 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Network Design with Layer 3 Switch and UTM

PMIAdmin

Our network will consist of 5 access switches connected to a layer 3 core switch connected to a SG430. We will have several VLANS consisting of computers, VoIP phones, security cameras and card access readers. Total users will be around 100. We are fully cloud and no longer have any servers so no DHCP or DNS server. It appears my options are to use the core switch as layer 2 and let the SG430 handle the routing, DHCP and DNS or use the core switch as layer 3 and let the switch handle DHCP. Does anyone have a recommendation as to which setup will give the best performance? Am I missing any other option?



This thread was automatically locked due to age.
  • 0

    With 100 users only, you should not have performance problems.

    With DHCP/DNS/Routing at the firewall, you have a usable GUI to configure this.

    Network segmentation may not be the primary goal ... without servers ...


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0

    Depends on the brand of your switches. Better ones (i.e. HPE) have a routing engine in ASIC which is capable to route in wirespeed (even at 10/40G).
    Routing on the UTM might be fast (depending on model) but will be software anyways. Useful only if you want to enforce Firewall rules between the subnets.
    DHCP / DNS is better manageable on the UTM, you just have to configure DHCP relay agents on the switch for the other VLANs.

  • 0

    I prefer to put routing on firewalls and switching on switches.

    It is also easier to manage DHCP on two SGs in HA (active-passive).

    bye Josef

    BERGMANN engineering & consulting GmbH, Wien/Austria

  • 0 in reply to JosefBergmann

    Valid point, but if you do so you definitely don't need to invest in "Layer 3 Switches". L2/L2+ will do.

  • 0

    I had the same decision to make when we overhauled our network. I decided to let the core switch do the VLAN-routing because:

    1. I didn't require firewall rules between the VLANs (we only have data & voice).
    2. The performance will always be better on a switch.

    I then created a static route under "Interfaces > Static Routing" for the voice VLAN so the UTM can forward the voice packets to the core switch.

    I would definitely let the UTM handle DHCP & DNS.

Unfiltered HTML