Got the IP on switch 1 now - I had a look at that link. It looks like I need to follow a step in the last post:
"Offcourse, untag or tag the port connected to the FW. Tag / untag depends on how FW is configured (IEEE .Q)"
At the moment the firewall is in vlan 1, untagged. This seems to me like I need to add that port as tagged in vlan 60. Does that seem right?