
General setup and VLAN overview

I run mostly a Ubiquiti Unifi network at home with a 24-port POE switch and four 8-port switches in parts of the home where there are clusters of devices, and three access points. I'm currently using a Zyxel USG40 router that I want to replace with Sophos XG Home running on a 1U box I built based on a Jetway NF592-Q170 8-port motherboard and an i3-7100 CPU, 8G of RAM and a 120G SSD. In my existing configuration I have an SSID that I use for guest access and my IoT devices that runs on a VLAN with an ID of 2, and I want to support that with the new firewall/router.

The initial installation was straightforward and I've got the box up and running with the WAN port connected to one of my switches as I configure it from a PC attached to the LAN port. I've updated it to the latest v17 build.

A few newbie questions:

  1. Am I correct in assuming that, given that this is a firewall, it comes functional but secure in the default configuration? Meaning that if I were to simply plug it in replacing the USG40, I'd get Internet access for all LAN devices, but it would be secure from the WAN side (ignoring my VLAN for now, and that I might want to change the DHCP addresses from the defaults to the addresses I've been using)?
  2. Is there a repository of HowTo docs or videos that provide more of an overview of an entire implementation process? One of my observations in looking over the documentation and the HowTo videos from Sophos, is that these are all very compartmentalized, and they don't really stitch together everything needed to make the configuration operational. VLANs are a good example of this. I can find plenty of references that regurgitate the user interface, but I'm struggling to find the "recipe" that says in order to implement VLAN support for a typical guest network you need to do X, Y and Z. 
  3. Specific to VLAN support what is the recipe to make an existing VLAN (implemented at my switches and access points) operational on the XG Firewall? So far, I think I've gleaned that I need to create the VLAN interface, define a DHCP scope and configure it to NAT to the WAN interface. 
  4. Specific to my hardware: Aside from the fact that I'd need to use another port on my switch, is there a reason I wouldn't want to put the VLAN on a separate Ethernet interface on the XG firewall given that I've got a bunch of them available on that motherboard?

And a big THANK YOU to Sophos for making this available to home users!



  • There are a couple of security policies in place, which are set in the Wizard. You can choose to have them or not. Likely you can use the Wizard to run the basic setup.

    About the HowTos etc., there are a couple of sources here and in the XG itself. Start with this: https://www.sophos.com/en-us/support/products/xg-firewall/how-to-library.aspx The Online Help in XG itself is helpful for configuration steps. Also, if questions remain open, the community is likely fast to answer them.

    You are correct. VLANs are actually easy to handle. Simply plug in the cable, add the VLAN to the interface (IP + VLAN ID). Configure a DHCP. Configure a firewall rule to allow this traffic. Done.

    Is there a real benefit of multiple ports on the same switch for you? You could set up a LAG (link aggregation) if your switch supports this. But actually XG does not care about the number of interfaces and the VLANs on them, as long as every interface is unique and you are not sharing the same IP / subnet on multiple interfaces (Port1 with VLAN100 and Port2 with VLAN100 would be invalid).

  • Thanks @LuCar Toni. Yeah, those are the HowTos that I find not as complete as I had hoped. There is some good information there, but many of them are just so narrowly focused that it takes a bit of research to piece together all of the parts I need to fully implement a feature such as a guest or IoT VLAN, and then I wonder if I've missed anything. I was hoping to stumble across a "How to implement VLANs for a guest network" that provided the overview with links to the corresponding HowTos. I'm not sure I'm describing that well. As I searched the forums looking for what I needed, I saw this specific topic come up multiple times with links back to the doc or video that only covered how to add the VLAN interface, assuming the recipient either already knew or would have to figure out the DHCP and firewall rule portion. There are a couple of YouTube channels that seem to have some XG Firewall content that I need to check out.

    My question about using a second interface is just because I can. The motherboard has 7 ports available to the firewall, so why not split the traffic over two interfaces? I suppose I could use link aggregation, and that might split the load more symmetrically. I used link aggregation on my home server for some time, but eventually gave up because it was running Windows Pro and Microsoft updates broke the Intel teaming software at almost every major update, so I gave up on that. Since this is between the switch and the router, aggregation would likely work much better, though with only a 300Mb WAN connection it is probably overkill.

  • As many parts of XG are specific to several topics, it is hard to write guides for such topics. For instance, if you talk about "Guest network VLANs", this could also include: Wireless, Hotspot, SMS, Web Protection, general Firewall / Protection, QoS, etc. The list could go on and on. Therefore Sophos is writing guides for one topic, and you need to decide what you are actually going to implement in your system.

    As there are so many different requirements, no XG setup is the same in the field; people are solving requirements differently, etc.

    Likely you can perform your task on your own by simply "doing" what you want to do.

    Steps would be:

    Create the VLAN, add the zone to the VLAN interface (as you need a zone).

    Create a firewall rule for this zone. You can create two rules or more: LAN to LAN, LAN to WAN, or based on IP subnets / hosts, as you want. To these rules you attach the security mechanisms you want, like IPS, App Control, QoS etc.

    That should run your basic setup.
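The recipe above (VLAN interface with IP and VLAN ID, a zone on it, a DHCP scope, zone-to-zone firewall rules) and the earlier caveat that the same VLAN ID or the same subnet must not appear on two interfaces can be written down as a small plan checker. The following is an added example, not Sophos code and not the XG configuration format; the interface names, the 192.168.x.0/24 subnets, the DHCP range and the zone names are constructed for the illustration, and the rule evaluation (top-down, first match wins, default drop) is the assumed model.

```python
"""Guest-VLAN plan checker (added example; not Sophos XG code or config).

Models the thread's recipe: a VLAN sub-interface with an IP and 802.1Q tag,
a zone on that interface, a DHCP scope inside its subnet, and zone-to-zone
firewall rules evaluated top-down with first match winning and default drop.
All addresses, names and values below are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Interface
from typing import List, Optional


@dataclass(frozen=True)
class Interface:
    port: str                  # physical port, e.g. "Port1" (constructed name)
    vlan_id: Optional[int]     # 802.1Q tag, or None for the untagged network
    address: IPv4Interface     # the firewall's own address with prefix length
    zone: str                  # zone the interface belongs to


@dataclass(frozen=True)
class DhcpScope:
    interface: Interface
    start: IPv4Address
    end: IPv4Address


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    action: str                # "accept" or "drop"


@dataclass
class Plan:
    interfaces: List[Interface]
    scopes: List[DhcpScope]
    rules: List[Rule]          # ordered: first matching rule decides


def check_plan(plan: Plan) -> List[str]:
    """Return the problems found; an empty list means the plan is consistent."""
    problems: List[str] = []
    tag_owner = {}
    for iface in plan.interfaces:
        if not iface.zone:
            problems.append(f"{iface.port} vlan={iface.vlan_id} has no zone")
        # The reply in this thread treats the same VLAN ID on two ports as invalid.
        if iface.vlan_id is not None:
            if iface.vlan_id in tag_owner:
                problems.append(f"VLAN {iface.vlan_id} on both "
                                f"{tag_owner[iface.vlan_id]} and {iface.port}")
            tag_owner[iface.vlan_id] = iface.port
    # No two interfaces may share (or overlap) a subnet.
    for i, a in enumerate(plan.interfaces):
        for b in plan.interfaces[i + 1:]:
            if a.address.network.overlaps(b.address.network):
                problems.append(f"subnet {a.address.network} on {a.port} "
                                f"overlaps {b.address.network} on {b.port}")
    # Each DHCP scope must sit inside its interface's subnet and not hand out
    # the firewall's own address.
    for s in plan.scopes:
        net = s.interface.address.network
        if s.start not in net or s.end not in net or s.start > s.end:
            problems.append(f"DHCP range {s.start}-{s.end} is not inside {net}")
        elif s.start <= s.interface.address.ip <= s.end:
            problems.append(f"DHCP range {s.start}-{s.end} includes the "
                            f"firewall address {s.interface.address.ip}")
    # Rules may only reference zones that exist (WAN is always present).
    zones = {i.zone for i in plan.interfaces} | {"WAN"}
    for r in plan.rules:
        for z in (r.src_zone, r.dst_zone):
            if z not in zones:
                problems.append(f"rule {r.src_zone}->{r.dst_zone} uses unknown zone {z}")
    return problems


def allowed(plan: Plan, src_zone: str, dst_zone: str) -> bool:
    """Top-down evaluation: first matching rule decides; no match means drop."""
    for r in plan.rules:
        if r.src_zone == src_zone and r.dst_zone == dst_zone:
            return r.action == "accept"
    return False


def guest_vlan_plan() -> Plan:
    """The thread's scenario: untagged LAN plus guest/IoT VLAN 2 on one port."""
    lan = Interface("Port1", None, IPv4Interface("192.168.1.1/24"), "LAN")
    guest = Interface("Port1", 2, IPv4Interface("192.168.2.1/24"), "Guest")
    return Plan(
        interfaces=[lan, guest],
        scopes=[DhcpScope(guest, IPv4Address("192.168.2.100"),
                          IPv4Address("192.168.2.199"))],
        rules=[
            Rule("Guest", "WAN", "accept"),   # guests get Internet
            Rule("LAN", "WAN", "accept"),
            Rule("Guest", "LAN", "drop"),     # explicit, though default is drop
        ],
    )


if __name__ == "__main__":
    plan = guest_vlan_plan()
    print("problems:", check_plan(plan) or "none")
    for src, dst in (("Guest", "WAN"), ("Guest", "LAN"), ("LAN", "Guest")):
        print(f"{src} -> {dst}: {'allowed' if allowed(plan, src, dst) else 'dropped'}")
```

Running it shows the guest zone reaching WAN while Guest to LAN and LAN to Guest are dropped, the latter by the default because no rule matches. Re-adding the guest interface as "Port2" with the same VLAN ID and subnet makes `check_plan` report both the duplicate tag and the overlapping subnet, which is the invalid layout the earlier reply warns about.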

  • Thanks for taking the time to respond. I'm not sure I can buy into the idea that just because there are lots of options and no two networks are identical, you should not try to document even one end-to-end configuration. For me that would tend to tie the basics together and help me understand the terminology that Sophos uses in the user interface, even if the example didn't exactly match what I'm trying to do. I was hoping such a thing existed, but it seems like if it does, it isn't on the Sophos site, at least anywhere I looked. I'll poke around a bit more and see what I can find. I had started by looking for a getting started guide that provided some background material before actually jumping into a configuration, but I didn't find one.

    At the end of this, I've got to determine how much time I want to spend learning this tool, and then decide if I think that is worth the investment. It seems pretty cool and would save me the expense of the subscriptions I've used in the past on my Zyxel USG and I think should provide support for higher bandwidth based on what I built. But I'm a home user, not a network professional, though I've been working on network related software for a long time. For me this is a classic example of how I can spend time or I can spend money, and so I'm trying to find the resources that will help me judge the time required.

    And yes, I might well find that I can just hack my way through this and that I already understand enough to make it work, but I can't say I'm not hesitant to pull out my working firewall to put this one in place with my current level of understanding of the product. Amazing how our home networks with only a few Internet-connected devices half a decade or so ago have grown, and now with the current pandemic, my home network is also needed for business and the kids' school. I can't just go dorking this thing up without some consequences. I think I'm approaching 80 devices on this network (lol).

    I'll post any resources I find useful in this thread in the week to come.
