04-17-2020 04:55 AM
Hi folks,
I have a firewall attached to ACI as a L4-7 device using it in conjunction with Service Graph functionality and Policy-Based Redirect. Everything is fine for EPGs communicating across the Service Graph, however how do I apply a contract to the transfer network of the firewall itself?
I understand that by creating an L4-7 device shadow EPGs are automatically created but how do I apply policy to those.
The firewall itself should be able to talk e.g. to the DNS server using the cluster interface configured in ACI. Therefore, I need a contract between the device and the DNS-EPG. Unfortunately I'm unable to figure out how to achieve this.
Any suggestions are highly appreciated!
Kind regards,
Nik
Solved! Go to Solution.
04-17-2020 11:11 AM - edited 04-17-2020 11:17 AM
Hi,
Is DNS-EPG one of the provider or consumer EPG used in the service graph? if yes, then what you are looking for is "Direct Connect" option. Using this setting in the service graph, you can enable communication (individually):
For additional details about this option can be found in the ACI PBR white paper: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html
Cheers,
Sergiu
04-17-2020 11:11 AM - edited 04-17-2020 11:17 AM
Hi,
Is DNS-EPG one of the provider or consumer EPG used in the service graph? if yes, then what you are looking for is "Direct Connect" option. Using this setting in the service graph, you can enable communication (individually):
For additional details about this option can be found in the ACI PBR white paper: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html
Cheers,
Sergiu
04-19-2020 10:14 PM
Thank you Sergiu,
that is exactly what I was looking for! I already tested it in the lab and it does the job :)
Kind regards,
Nik
04-20-2020 01:29 AM - edited 04-20-2020 01:30 AM
Hi Nik,
Glad to hear that the solution was helpful!
Have a nice rest of the week and stay safe!
Cheers,
Sergiu
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide