Network segmentation project

Question

Hi all, 
 I am in the optics and the reflection to start the project of segmentation of my local network. 
 i have xg 330 as edge firewall 
 Si i think about to methods, go with L3 switch for inter-vlan routing or don't make L3 switch and do all the segmentation with the XG 
 i don't know if there's limitations on xg to do segmentation, and i don't need to manage ACL inter-vlan on L3 switch 
 So i ask is sophos xg have the capacity for this type of project, the prerequisites and the constraints that I may have. I know that everything depends on the need, but the topology is not really complex, it's classic 
 
 thanks

Raphael Alganes · Answer

Hello Fotit, 
 Thanks for reaching out to Sophos Community and hope you are well. 
 You mentioned that you're already using XG330 on edge and plan to use as segmentation/point of convergence for your VLANs and definitely this would be a Router-on-a-Stick setup using the FW if you would not add an L3, If there's an L3 switch it would be routed ports to XG with that being you might want consider how many VLANs you currently have, expansion of VLAN in the future etc and how granular you FW policies/security features would be etc. Technically this should work on Sophos Firewall both the Router-on-a-Stick or using L3 switch with routed interface going to FW then static routes to XG for the VLANs. It's just more matter of proper sizing and some internal considerations such as "budget" (because it would be a budget overhead to acquire an L3 rather than trunk an L2 switch to FW) , design, futureproofing, etc as you already have a XG330 in place. 
 I might recommend you to also reach out to your local partner/ Sophos SE when it comes to implementation concerns or Professional Services (if you would opt to) in future as I believe they can give guidance accordingly for this kind of engagements. 
 Hope this helps. Hope you have a nice day and Thank you for choosing Sophos. 
 Cheers,