I pretty sure protocol can be used on the SG350 and SG350X switches with ACLs.
Yes, it does. I am using it in my current single VLAN setup to restrict unsecure traffic between TV and servers to DLNA only. However, since it is an IP range filter, secured only by MAC assignment on pfSense DHCP, I wanted to improve security on my servers going with VLANs
If you could pull a second CAT6 cable you could use your SG350X as the core switch connected to pfsense. Then you could use your 10-gig switch for your 10 gig networks.
Would be a later improvement, yes, but I cannot afford it right now.
Having one switch to route drops my wish to isolate the backup server on a different VLAN. However, 2 L3 switches is more complex to manage the ACL and avoid asymmetrical routing.
I will go with only the SG350 as L3. Once I csn afford a 4x 10Gb fanless switch, i could again have my back server on a dedicated VLAN
Sound good, security wise?
I will post my whole config and switch/pfSense rules once done so that it cab help others
Thank you again