This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Best Practices for Sophos XG 310 Network Switches - Layer2 Layer3

Do I need a Layer 3 Switch to manage my VLAN with the Sophos XG 310? I am planning a HA-Setup with two Sophos XG 310 appliances and three VLANs in total.

I read so many different opinions and I am kind of confused, if a L3 Switch is necessary. So can someone please explain to me what are the pros of L3?

I also read of some L2+ Switches.

This thread was automatically locked due to age.

Parents

0 LuCar Toni over 5 years ago

Depending on your desired setup.

A Layer 3 Switch will route the traffic directly between the VLANs.

A Layer 2 Switch will forward the traffic to XG and XG will route the traffic.

Pros / Cons are like always:

If XG sees the traffic, it can do something.

L3 Switches are likely more expensive.

L3 switches are likely to be faster.

Both will work.
Cancel
Vote Up 0 Vote Down

Cancel
0 Rene Glasow over 5 years ago in reply to LuCar Toni

Thanks for your fast answer!

But this doesn´t mean that with a L3 I am not able to route/scan the internal traffic?
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 5 years ago in reply to Rene Glasow

As a Layer 3 switch will route the traffic directly, XG cannot see the traffic. Thats the porpuse of a Layer3 Switch. It will directly connect both networks and route the traffic from Subnet A to Subnet B. XG is not involved. Only traffic to the default gateway for example will be scan able by XG.
Cancel
Vote Up 0 Vote Down

Cancel
0 Rene Glasow over 5 years ago in reply to LuCar Toni

Thanks again. So with your previous answers, I would build it like this? We also have one 10GB backbone and I would use two 10GB L2 switches (orange). Would this setup do the work?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Rene Glasow over 5 years ago in reply to LuCar Toni

Thanks again. So with your previous answers, I would build it like this? We also have one 10GB backbone and I would use two 10GB L2 switches (orange). Would this setup do the work?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 LuCar Toni over 5 years ago in reply to Rene Glasow

You would point all VLANs to the XG and XG will do the routing. Yes.
Cancel
Vote Up 0 Vote Down

Cancel
0 Rene Glasow over 5 years ago in reply to LuCar Toni

Ok, one dumb last question (I hope). :)

I initially planned with L3 all the way through the network.

With this great information I received now from you, does it still make sense at all to go with L3 switches behind those 3 VLAN L2 switches?

We are a liiittle bit on a budget right now and looking for the best solution that is still easy to maintain.
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 5 years ago in reply to Rene Glasow

Depends on the speed you want to archieve. As a Layer 3 switch can likely get the 10 GBit/s throughput, XG310 could slow down this a bit.

(IPS and other services will slow down the speed compared to a backbone "plain" routing device).

Actually a L3 Switch in front of a L2 Switch does not make much sense. Maybe i misread your diagram, if those are 4 switches, i dont see the benefits of those L3 switches. They would do the same as the XG would do. If a Layer 3 switch does not hold all VLANs, it will still send the traffic to XG.

If a layer 3 switch holds all VLANs, it will interVLAN route the traffic.
Cancel
Vote Up 0 Vote Down

Cancel