Hi folks, I am trying to understand ACI's L4-L7 service graph redirection. The use case is, let's say that an external EPG needs to talk to the WEB EPG, but traffic needs to be inspected and filtered by an ASAv firewall (unmanaged node in ACI). So you would insert the service graph that contains the defined ASAv node in the contract. Note: the WEB EPG has its default gateway/subnet configured under its BD (which basically means on the ACI leafs).
So how can you have the firewall inspect and filter the traffic if it is not the default gateway for the Web EPG/VLAN? Where would you apply the ACL?
Thanks