Utilizing Ethernet Ports on XG

Good morning, I come to you today asking for some advice. I am really under the gun with revamping our entire flat network into a more optimized system. Being the single IT person responsible for multiple plants, I am quite overwhelmed with what direction I need to go. Currently we run a Sophos XG210 and I am only set up using one port for the LAN segment and of course the WAN for our outside services. Our network consists of your typical LAN devices, but also VoIP and security systems.

Our biggest problem is obviously the flat network that has become one big broadcast of all traffic, not good in any network. So the idea is to replace some equipment, add possibly core switches and integrate VLANs. This is a huge undertaking in a production environment that runs practically 24/7.

I am wondering if I could start by possibly configuring and using XG a bit more and configuring some of the ports to take on these networks. Maybe have the security system on Port 4 on its own and even have VoIP on Port 5. Just not sure how to go about doing this in such a manner as to not disrupt the main network and whether or not this is even good practice at all. Any help in any way would be greatly appreciated.



  • Hello,

    Thank you for reaching out to the community. Please find some useful KB articles below:
    1.) VLAN -  Add a VLAN interface
    2.) VoIP - Best Practices 

    Thanks & Regards,

    Vivek Jagad | Team Lead, Global Support & Services 



  • So you're saying that currently, you have a switch or something hanging off of the LAN port and everything -- VOIP/security/production traffic -- all come into that single switch and then into a single XG (LAN) port?

    What kind of switch? How do you control it/them? Are you moving to Sophos Switches?

    How is your VOIP currently handled? Just a bunch of IP phones hanging off of the switch at random? Vivek's linked VoIP document looks very complete. But how are you currently doing it and how is that working for you?

    In terms of VLANs, the only tip I can add is not to use VLAN numbers 0 or 1, even if the XG allows you to do it. I hear that can cause all kinds of problems. So maybe use 10, 20, 30?

    It sounds like the XG has mainly been used as a firewall and so I'd also wonder if you are aware of any settings (Traffic Shaping, etc) that have been customized or is it pretty much a stock XG with security features turned on? Are you running internal servers that are accessible from the outside world, or is it mainly internal networks with access to the Internet? Also, what version of SFOS are you running?

  • Sorry for the delay Wayne, you are correct in some regards. Definitely all our network devices are on the same network. We eventually want to get some separation and I was thinking this XG has multiple ports and only 2 are used (WAN, LAN), so before doing any VLAN work, completely move the cameras onto their own switch and then say into Port 4 of the XG, then move all the VoIP phones onto their own switch and plug into Port 5. I am just trying to begin reducing the congestion. I'm no expert in VLANs and I know it's pretty easy to make a mistake, and with a production environment I need to be careful with my changes. Our internet drops for 2 secs and I'm getting calls, so I can only imagine if file access or email were to temporarily halt due to a misconfiguration.