Hello everyone, I have the following problem: I have an L3 switch (Cisco) in the LAN network with several VLANs, where the VLAN interfaces are on the L3 switch. Internally the routing works, but it doesn't go online. Excuse my writing, I'm from Latin America (Venezuela).
Hello Rodolfo,
I think you are using that Cisco switch as your default gateway for all of your (internal) VLANs, right?
If you now add a firewall to that network, that system either has to be the new "default gateway" for all of your networks OR the firewall system "has to know" about all these other networks. This would mean adding static routes on the firewall with the Cisco as gateway. I suppose these "other" networks can only be reached through the Cisco gateway. That would need one (untagged) VLAN uplink to the Sophos firewall system and then doing IP routing from there.
Second way:
If you would like the Sophos firewall to be part of all these VLAN networks, you need to set up a trunk from the Cisco to the firewall port and then you have to define the Ethernet VLANs on that physical port on the Sophos as well. Then you shouldn't do the routing on the Cisco anymore; instead use the Sophos as default gateway.
Kind regards, best regards from Germany,
Philipp Rusch
New Vision GmbH, Germany
Sophos Silver-Partner
If a post solves your question please use the 'Verify Answer' button.
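The two designs described in the answer above, sketched as Cisco IOS configuration. This is an added example, not part of the original post; every address, VLAN ID and interface name in it is constructed for illustration, and the firewall side is configured in its own UI and only described in comments.

```cisco
! Constructed values: transit net 192.0.2.0/30, user VLANs 10 and 20,
! uplink port GigabitEthernet1/0/24. The two options are alternatives.
!
! --- First way: the Cisco keeps routing the VLANs, one untagged uplink ---
ip routing
!
vlan 999
 name TRANSIT-TO-FIREWALL
!
interface Vlan999
 description Transit network shared only with the firewall
 ip address 192.0.2.2 255.255.255.252
!
interface GigabitEthernet1/0/24
 description Untagged uplink to the firewall LAN port (192.0.2.1)
 switchport mode access
 switchport access vlan 999
!
! Default route: everything that is not a local VLAN goes to the firewall
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! On the firewall: one static route per internal VLAN subnet with the
! switch (192.0.2.2) as gateway, e.g. 10.10.10.0/24 and 10.10.20.0/24.
! Without these return routes the firewall does not know where the VLAN
! subnets are, and replies from the internet never reach the clients.
!
! --- Second way: the firewall is the gateway in every VLAN ---
interface GigabitEthernet1/0/24
 description 802.1Q trunk to the firewall
 ! Some platforms need this line before "switchport mode trunk"
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! Remove the routed VLAN interfaces so the switch no longer acts as gateway;
! the matching VLAN interfaces are then defined on the firewall port and
! the clients use the firewall address in their VLAN as default gateway.
no interface Vlan10
no interface Vlan20
```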
Thanks for answering. I use the SW core for my LAN network, where I have declared the VLAN interfaces of each one. I am only placing a static route in the Cisco, 0.0.0.0.0 0.0.0.0 172.16.1, which is the IP of the Sophos. In summary, I want the VLANs to go to the internet.