Hello. You should upgrade your firewalls if you are running vulnerable
versions and have SSLVPN enabled. It doesn't matter if you are using
MFA/2FA or not.
As Graham said, you can not make a LAG between two independent L2
switches. You must either stack them (e.g. Catalyst stack-ring) or make
a VPC (Cisco Nexus). If you only have two stand-alone L2 switches, the
best you could do would be something like...
