I have a question related to the Security Groups in ACI. Today in DC we add Stateful Firewall to filter the east-west traffic. With ACI when we create SG's or EPG's and we remove the appliances (L4-7) and we just create contracts between the EPG's, but we keep the L4-7 appliances mainly to filter the North-South traffic (between Web - App - DB tiers).
The questions are,
- What features do I lose if I change the stateful firewall with a contract?
- Does that add risk and make the setup vulnerable? How?
- How to overcome this issue? as adding service chain inside the tier (ex. APP) would cause a performance issue.
- Does Tetration solve this problem, how?
I truly appreciate your inout and if you have a document that talks about the same.
APIC 4.1(2u)vCenter appliance 220.127.116.11000 I followed the instructions at "https://[APIC FQDN]/vcplugin/", using PowerCLI to install the plugin. It seemed to work - "[x] Installed vCenter plugin version 4.1.2000.21". However, on logging into...
Login to Cisco Communities
Go to the Cisco Intersight Community and to Intersight Product updates
*This means you will get an email only if content is posted specifically to Intersight Product Updates. And all product updates wi...
Hi,There was a leaf Switch live in our fabric which was having some issues . We got an RMA for it and replaced the new leaf Switch with the same Node ID. After replacement we are unable to SSH the new leaf Switch from APIC .getting some error for RSA keys...
Hi, I am trying to create multiple subnets in one bridge domain using postman for ACI automation. I want to know if there is a document specific to the automation mentioned above. Can someone help me with this please. I am using global variables for ...