Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 1478 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSG330 handling all routing

Ross86
Hi all,

I have  the following VLANs:

Users
Servers
Printers
Network devices
iSCSI
Cluster
DMZ
Guest Wifi

Roughly 130 users and 50 servers.

The Sophos SSG330 will have full guard, and be the edge firewall device.  If I set all these VLANs on the SSG330 as layer 3 interfaces (router on a stick) will the SSG be a bottle neck?

The other option is to use my HP 5412zl procurve switch to handle all the routing and use the Sophos for internet facing and guest wifi only.   The downside is I can't apply any IPS to inter VLAN routing but I would rather a solution that worked well.

How does everyone else do this?

Cheers
Ross


This thread was automatically locked due to age.
  • 0
    Ross, I think I'd do a combination.  I wouldn't run an iSCSI subnet through the SG if it's only used by the servers.  Since I don't know what's in each subnet or why you've chosen this topology, I can't make any specific recommendations.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    May not have explained it too well, the SG would only be the gateway, all the traffic would be on the switch unless going between VLANs.

    For example all the users will be passing through the SG to the switch for server applications.

    Controlling routing on the SG would have more control but wouldn't want it to be a bottle neck.
  • 0
    Yes, for example, I would run the traffic between Users and DMZ through the SG.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Hi, typically the IPS becomes the bottleneck for traffic between local networks.

    You can add exceptions if needed.

    Barry
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?