Switch Setup – Best Practices for Dual Network Switch to Firewall


I have two Dell X1052 switches and a SonicWall TZ400 firewall. The SonicWall has a WAN port and then 6 available LAN ports.

Is it best practice to connect a network cable from the LAN port of the SonicWall to my first X1052 switch and then connect a network cable from the first X1052 switch to the second X1052 switch?

Or

Is it better to connect one network cable from the LAN port of the SonicWall to my first X1052 switch and then connect a second network cable from another LAN port on the SonicWall to my second X1052 switch?

Thanks for the help!

Best Answer

The answer will depend on where most of your internal LAN traffic will be going:

If most of your LAN traffic is INTERNALLY BOUND (i.e., to a local File Server, Terminal Server, Intranet server, etc.) then you definitely want to choose 1 switch as your "main/core" switch and connect the SonicWALL's LAN to it, along with the 2nd switch and any other switches. Plug the server(s) into the main switch, along with the most critical workstations.

The reason for this is: if most traffic is internal then you don't want to waste the SonicWALL's resources switching those frames from Switch #1 to Switch #2 -- in fact it is probably not as fast as the dedicated switches doing that. If you plugged both switches into the SonicWALL's LAN ports then ALL traffic from Switch #1 to Switch #2 would go through the SonicWALL.

If most of your LAN traffic is EXTERNALLY BOUND (i.e., to the Internet; e.g., you have few internal resources and connect mainly to Cloud Based resources, like Office 365 or various websites) then it may actually make sense to connect both switches separately to the SonicWALL's LAN ports.

The reason for this is: if most of your traffic is going out through the SonicWALL then you might as well connect directly to the SonicWALL instead of having one switch pass additional frames from the 2nd switch. Plus if the "main" switch were to fail then the other switch would still be connected.

In either case, if you have separate subnets/VLANs then I wouldn't change anything -- your Dell X1052 switches are Layer 2 only so any routing of packets from one network/subnet/VLAN to another will require the SonicWALL router to route those packets. It wouldn't matter if you configured one of your LAN ports to be on a different network/subnet (e.g., a DMZ) or if you configured an internal interface and trunked 1 or more VLANs through a single port. In both cases the SonicWALL is doing all the routing.

[Of course, if you have a large/complex network with multiple subnets I would recommend a Layer 3 switch to offload from the SonicWALL. The SonicWALL's job is firewall/UTM/packet inspection and it is not going to be as fast as a switch at either plain old layer 2 switching or layer 3 routing.]