Connecting two Cores

In preparation for a network upgrade (in which we are also re-subnetting the entire network), I'd like to connect our new core to our XG 550 on a newly installed 10G port on a separate subnet. The existing is on a 1G 10.10.x.x /24; the new will be on a 10.16.x.x /24 subnet. I know we have multiple separate WAN interfaces; is it possible to have multiple LAN interfaces without bridging?



This thread was automatically locked due to age.
  • New equipment and new subnets will flow through the Cisco 9300. The only connection between the 2 Cores is a management port so I can remotely configure the new Core. Old equipment will run in parallel until we completely finish cut over. I've seen a few different things as far as the Sophos port on the Cisco; ours right now is just an access port from the Cisco. I have seen people do a trunk and break out the VLANs on the Sophos as sub-interfaces (which is better?). I'm new to Sophos firewalls, and ours were done by 2 different outside contractors and both are a little botched as far as configuration. I'd like to try and clean up what I can, do things correctly, and do them by best practice. Thanks for your help!

  • Thank you for posting the diagram.

    What is the role of the Cisco switches? They appear to be on the wrong side of the XG, e.g. the WAN side. I would expect the ISP connection to connect directly to the XG, not through two LAN switches.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Sorry, there was a connector that got cut off in the picture. It splits from the ISP: one goes to the firewall and one goes to the Core. We have a couple of pieces of equipment that need direct unfiltered internet access.

  • My thought for the new connection from the Core2.0 is:

    Make the connection a trunk, then break out the VLANs on the Sophos 10G interface as sub-interfaces, if that makes any sense? Right now, the connection from the old core is just an access port. I'm not sure what best practice is as far as the LAN port is concerned... Or does that not gain me anything?
