Hello,   I have several MS320 switches all connected to an MS420 core switch.  The firewall is a WatchGuard with an IP address of 10.10.4.1.  L3 routing is enabled on the MS420 switch with several VLANs defined.  The gateway that was entered when enabling L3 routing on this switch was that of the WatchGuard firewall (10.10.4.1).   There is no "UPLINK" VLAN defined.  I only bring this up because Meraki states that defining an UPLINK VLAN is a best practice.   This started as a flat network over five years ago with the WatchGuard firewall already in place.  The WatchGuard firewall IP address was originally 10.10.5.1.  There were a lot of statically defined IPs in use for servers, copiers, etc.  The choice was made to define a VLAN of 10.10.4.0/23 with an interface IP address of 10.10.5.1.  This allowed me to keep the default gateway of 10.10.5.1 which was defined on all of my statically defined devices.   The WatchGuard firewall IP address was then changed from 10.10.5.1 to 10.10.4.1.   I just added two "top of rack" switches which are MS425 models in a flexible stack.  They will be used to connect my three HP rack servers acting as ESXi hosts to my Nimble SAN.   Now, I want to define two iSCSI VLANs on this top of rack switch stack.  They should not route outside of this stack since it's only internal iSCSI traffic.  I can accomplish this by not allowing these VLANs through the trunk port connecting this stack to the existing MS420 stack.   When I enable L3 routing on this (new) stack, I am asked to define a default gateway during the first VLAN creation.    Would this be the IP address of the WatchGuard firewall?   Also, is there any benefit to defining the VLANs for this top of rack switch deployment on this stack as opposed to just defining them on my original MS420 core switch that already handles L3 routing?   In my head it sounds better to define these VLANs on the top of rack switch.  I have been overthinking this so much that I am confusing myself.   Thank you.  ... View more