
Firewall / Switch Configuration



    I have some experience with WatchGuard Firewalls and HP Switches, particularly the 2920.

    I have been asked to help out a friend who owns his own business. Currently they have an 8 MB dedicated leased line connected to a WatchGuard XTM 22, which is quite old, 1 x DLink 24 Port 100 MB switch, 1 x DLink 1GB 24 Port Switch and then a Zyxel 24 Port 1GB POE Switch, all of which are very cheap devices with not a lot of throughput.

    They have around 60 users working from this! Mostly on thin clients connecting to an RDP session hosted in the cloud. They have a couple of servers locally with DNS and AD etc.; however, these aren't really used as they have a cloud environment.

    The issue currently is that they are struggling with connectivity, and ports, meaning they are using a multitude of 1GB hubs at the client PC end!

    A new 40MB leased line will be installed over the coming weeks. However, from a network perspective I want to install the following:

    1 x HP 5412R switch chassis with 96 1GB POE ports installed, with room for expansion in the chassis if required at a later date
    1 x WatchGuard XTM 545 (or similar)

    Then replace all 3 existing switches and the existing firewall with the above.

    They have a Panasonic SIP phone system, so am I right in saying that I just need to create a VLAN on the new HP Switch for this to work?

    What I am unsure about is: do I just connect up the switch to the firewall using 1 network cable, or connect using as many as are available? I can't remember that bit.

    I know some of this kit may seem overkill for them at the moment, but it is designed for expansion as they may be doubling in size in the next year.

    I am more interested to find out if anyone foresees any issues with this setup?



  • #2
    I use a WG XTM510 for my customer's I'net access, and it's the router/gateway for several VLANs. I have several cables on 1G links running between the XTM and my Cisco 3750G core switch, with the links all LACP-d together for the same things you're concerned about. None of my VLANs are voice, however, so other than setting a priority on the switch and the WatchGuard for the voice VLAN higher than the others, I can't suggest anything else. But yeah, I think you're headed in the right direction.
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **


    • #3
      How are the current systems set up? Shouldn't you just replicate that and then make changes after the equipment has been installed?