I think a 2960-48 port L2 switch would satisfy your needs.
I am assuming all your users would be in one subnet and will be configured with the default gateway of the FW. There is no need to configure VLANs in this case and all the users can be placed in one VLAN (either default or the one you define).
For management you can define an IP on the switch. The switch does not require any other configuration to route the traffic to the firewall.
If you are planning to segregate your users into different subnets then you would require an L3 switch.
ISP link ------ RTR ----- Firewall ----- RTR --- Switch
You set up sub interfaces on the internal router to accommodate your VLANs.
Like the previous post stated, if you have no layer 3 device internally, then you will use one big VLAN. Internally on the switch you would want to choose something capable of handling your L3 traffic if you choose a L3 device.
Depending on your traffic needs you might choose a 4500 or 6500 series switch, or even a 3750. It all depends on your traffic, network design and ISP bandwidth.
Unfortunately I don't have a simple answer for you; there are a lot of variables.
The most simple answer is just to get an internal router and run a router on a stick. They aren't always the best solution, but generically, it's the easiest answer.
So how will the different VLANs be able to get to the Internet gateway?
Say my natted IP on the firewall is 192.168.1.1.
Vlan10 has IP 192.168.2.1 and, say, 192.168.3.1 for Vlan20.
Internal desktop clients from the respective VLAN will be able to hit their defined gateway (192.168.2.1), but how will this go to the Internet gateway, i.e. 192.168.1.1, for all the different VLANs to access the Internet?
If you're going to try to limit traffic between subnets, you might want to consider placing an ACL on your L3 device. Assuming you'll have a common DHCP and DNS server that you'll want to allow ALL VLANs to, you can apply an ACL like the following:
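An added example, not the poster's own ACL: one way to build this on an IOS L3 switch using the addressing from the question earlier in the thread. The shared DHCP/DNS server at 192.168.1.10, its placement on the firewall-facing 192.168.1.0/24 segment, and the ACL names are assumptions.

```cisco
! Assumed (constructed): shared DHCP/DNS server at 192.168.1.10
ip routing
! Default route: Internet-bound traffic from every VLAN goes to the firewall
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ip access-list extended VLAN10-IN
 remark DHCP from clients (source may be 0.0.0.0 before a lease exists)
 permit udp any eq bootpc any eq bootps
 remark DNS to the shared server
 permit udp 192.168.2.0 0.0.0.255 host 192.168.1.10 eq domain
 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.10 eq domain
 remark Block VLAN 10 to VLAN 20
 deny   ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
 remark Everything else, including Internet via the firewall
 permit ip 192.168.2.0 0.0.0.255 any
!
ip access-list extended VLAN20-IN
 remark Same policy, mirrored for VLAN 20
 permit udp any eq bootpc any eq bootps
 permit udp 192.168.3.0 0.0.0.255 host 192.168.1.10 eq domain
 permit tcp 192.168.3.0 0.0.0.255 host 192.168.1.10 eq domain
 deny   ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 any
!
interface Vlan10
 ip address 192.168.2.1 255.255.255.0
 ! Relay DHCP broadcasts to the shared server
 ip helper-address 192.168.1.10
 ! Filter traffic as it enters the SVI from VLAN 10 hosts
 ip access-group VLAN10-IN in
!
interface Vlan20
 ip address 192.168.3.1 255.255.255.0
 ip helper-address 192.168.1.10
 ip access-group VLAN20-IN in
```

The firewall also needs routes back to 192.168.2.0/24 and 192.168.3.0/24 via the switch, and its NAT rule has to cover both subnets.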