Yes.. PO is port-channel.:) Physical diagram attached. Logically you have the FW having one sub-interface on the PO (po.10) which is a transit vlan b/w the Leafs and FW. It also have few other sub-interfaces (po.11-.20) as the server gateways. Similar to a router-on-the-stick design. 

@SandevChopra07800 

TO get the best from the forum it is imprtant that you write clearly worded questions, and nobody wants to download diagrams to see them. Much better to paste diagrams inline. Here's your question re-worded by Gemini. Please edit if it is not 100% accurate.

I'm setting up a network using ACI and a Firewall. I want to use the same physical connection (a Port-Channel) between the ACI and the Firewall for two different types of traffic:

1. L3 Out traffic: This is traffic that leaves the ACI network and goes to the outside world.
2. L2-EPG extension traffic: This is traffic that stays within the ACI network but needs to be extended to devices connected to the Firewall.

To achieve this, I'll configure multiple sub-interfaces on the Firewall's Port-Channel:

• One sub-interface will be used for the L3 Out traffic. It will act as a transit interface between the ACI and the Firewall.
• Several other sub-interfaces will be used for the L2-EPG extension traffic. These sub-interfaces will act as gateways for different server VLANs.

This setup is similar to a traditional router-on-a-stick design, where multiple VLANs are configured on a single physical interface.
This is the physical diagram.

Just checking what is the best way of achieving this as I haven't started my build yet?

Thanks to Gemini. 

Chris Welsh, I came across this similar post from you: https://community.cisco.com/t5/application-centric-infrastructure/aci-l3out-svi-and-l2-epg-extension-same-port-channel/td-p/4602228 

So can I get this done by two non-overlapping vlan pools (one pool for server vlans and other pool for transit-vlan) ---> tied to same AAEP ----> tied to a physical domain (fw) and Routed domain (same-fw). ?