This is the diagram:

Grey - 1 gbit link

Pink - 10 gbit link

Hi, I would put the NAS on 10G too if possible and if the NAS supports 10G and have the Dell connected to DMZ switch

assuming you don't have anything else on the storage switch and you can effectively remove the storage switch and use all 4 1G vmnics on management switch and DMZ switch for redundancy and bandwidth (each 2 vmnics)

You mentioned that DRS moves VMs between hosts and impossible to have all VMs of VLAN OFFICE on a single host,

you can actually provision all VLANs and portgroups on all ESXi hosts so even if DRS moves VMs they will still connect to the correct VLANs regardless of ESXi host location

What I don't understand is that you have LAN OFFICE VLAN on DMZ and also VLAN 50 LAN OFFICE, are these same VLAN or same purpose?

If this is related to your question is it possible to create vSwitch with uplink to different physical switches, the answer is you can configure it but it won't work as you expected.

vSwitch (or vDS) need to have uplinks to a common physical switch

The problem is that I cannot connect Dell with DMZ Switch because the latter is an HP with RJ45 and SFP ports (1gb max), while the Dell is 10gb SFP+ fixed.

Because of it, I would know if there was a software configuration or trick for having VMs that traffic each other on Dell (faster) and access to internet or to printer on HP Switch (slower).

If I was only one host is simple: VMs traffic is naturally faster because is inside virtual switch, while external is naturally on physical switch.

But with 3 hosts, I need to use Dell to have the same performance, because Office VMs are not only to a single host. That's why I 'd like to have VLAN 50 on both switch, but separated.

Good idea to create vDS for management, VLANs and NAS using 2 switch in HA (HP 1820-24G is capable?), but I don't know how to connect both to firewall (Sonicwall NSA3500).

Maybe using 2 Firewall (I have a spare part) in active/passive HA mode and connect one on first switch and one to second switch letting ESXi to decide the path that has Internet access?

Thank you very much!

And what do you think about connect 2 switches for redundancy at the firewall(s)?

I'm sorry I don't get on what are you referring to about connecting 2 switches for redundancy at the firewalls.

Could you explain more about this or provide a diagram of your idea on this so?

That looks better in my opinion as you have redundancy across all connectivity with this design.

Using redundant connectivity to firewall as per your diagram is common setup, as per the SonicWall KB here: How to Configure High Availability (HA) | Knowledge Base | SonicWall

Things to note as you would have multiple vmnics to same switch, vmnic0 & vmnic1 to switch2 and vmnic2 & vmnic3 to switch1

You can use IP Hash or LACP if your switch supports MC-LAG, if not you may want to split or alternate the VLANs across vmnics on same switches, assuming you will use route based on originating port ID

Here's an example

I know very well this diagram and it works with only one switch on server side. (LAN Switch)

But if I have 2 switches on server side like my diagram as using vDS with Route based on physical NIC load and all vmnics active, how can I connect both switched to x0 port of both firewalls?

I don't know much about Dell Sonicwall setup but I was assuming that the diagram from that KB is a logical diagram.

The physical diagram would probably look like below taken from this doc High_Availability where each switch connects to x0 and x2 (I guess the x2 is optional redundant link)

But as I said, I don't know much about Sonicwall but to me this looks like a common setup

the last diagram is for Supermassive line of Sonicwall that they costs from 15000 euros and up.

With NSA3500 I can only pair X0 with X2 in "layer2 Bridge mode" or in "2-wire mode" (How to Configure Wire / Tap mode in SonicOS | Knowledge Base | Sonicwall )

I think that Layer2 Bridge mode is the more appropriate as the schema below: (http://www.andovercg.com/datasheets/sonicwall-Bridge_Mode_and_Transparent_Mode_Deployment_Guide.pdf )

But in this way I would have 2 switches connected with an uplink LAG (2 or more cables) and an uplink passing through the Sonicwall in L2 brigde.

I miss something: Looking at your previous schema without firewalls, for example, a packet from a server enters on Switch B, goes in Switch A and reach the second server.

With firewalls, a packet from a server could enter in the Switch B, then goes to x0 of cluster 2 (inactive Sonicwall), then exits from x2 going to Switch1 and reaches the second server.

Or more complicated scenario: it enters on Switch B, then X0 inactive firewall, then x2 bridged, then Switch A, then x0 active firewall, then WAN.

Am I right or am I wrong?