Hey guys,

I would love your expertise on these bellow because I'm really struggling with a weird deployment.

Starting from these zoning-rules:
+---------+--------+--------+----------+----------------+---------+----------+--------------------------------------------------+------------------+------------------------+
| Rule ID | SrcEPG | DstEPG | FilterID | Dir | operSt | Scope | Name | Action | Priority |
+---------+--------+--------+----------+----------------+---------+----------+--------------------------------------------------+------------------+------------------------+
| 7260 | 32779 | 15 | default | uni-dir | enabled | xxxxxxx | Tenant:Contract | permit | src_dst_any(9) |
| 6300 | 32779 | 15 | 443 | uni-dir | enabled | xxxxxxx | | redir(destgrp-8) | fully_qual(7) |
| 7919 | 32779 | 15 | 80 | uni-dir | enabled | xxxxxxx | | redir(destgrp-8) | fully_qual(7) |

1. I assume only specific traffic for those 2 filters get redirected by the PBR, right? Assuming that the FilterID value is actually the port value, are these true:
- traffic from 32779 to 0.0.0.0/0 on port 80 and 443 is always redirected
- traffic from 32779 to 0.0.0.0/0 on ANY other port is always permitted and sent directly to the destination leaf

2. What happens if the device (an F5 in my case) fails to forward traffic? Does the ACI have any mechanisms to stop redirecting the traffic?
3. Where can I find the Shadow EPG's pcTag value? In my case the F5 is connected via a BD and in this BD I have ACI GW, F5 IP's and F5 VIP's.

Bonus question maybe?
I need to apply the same SG with PBR and Consumer will be a local EPG and Provider will be an EEPG with 0.0.0.0/0.
In this case, all returning traffic (matching ports in Subject) from 0.0.0.0/0 to local EPG will be redirected, right?

Thank you a lot!
Ovidiu