If we're not doing the NAT with those firewalls (at each site), this scenario would be very easy to implement. My question is about the traffic steering that's supposed to happen toward the appropriate compute leaf: how can that be accomplished for the traffic returning from the external EPG (internet), with a destination that was NATed previously (the fabric isn't aware of that IP space)? In other words, the destination of the returning traffic is neither the outside interface of the FW nor the inside EPG.
Thanks