Hello. Because you say in your original question that you want this firewall to handle "Inter-Tenant/External communication", I interpret that as you want it to handle what we term "East-West" traffic, i.e. traffic between EPGs inside ACI, and you also want it to handle what we term "North-South" traffic, or traffic from EPGs to the outside world. With that in mind, my suggestion would be for you to investigate using PBR (Policy Based Redirect). With a design using PBR, you can have one firewall interface handle E-W and another interface on the same FW handle N-S. Or, if you prefer, you can have multiple FWs, each handling one role. I say one-interface, because I am referring to a 'one-armed' design, but you can opt for a traditional two-armed design too (especially if you are using NAT with that firewall). Or you can mix one-armed and two-armed on the same FW (different interfaces of course). There is a lot of flexibility depending on what your desired outcome is.
Anyway, have a look here for solid info on what you can do with PBR.