
ACI L4/L7 with Firewall / Load Balancer

PutmanoAIT
Level 1

I have newly joined the Cisco ACI world. We are planning to migrate from traditional to ACI infrastructure. In our environment, we have a Palo Alto Firewall and we are going to integrate it as L4/L7 in one-arm mode. The service graph will be applied based on the "EPG Collection for VRF". So, the traffic between EPGs will be filtered by the Palo Alto Firewall. However, we still have another F5 Load Balancer that needs to be considered. We would like to implement the F5 Load Balancer in one-arm mode with no SNAT enabled. The traffic from the client via L3Out will be routed through the Palo Alto Firewall and then to the F5 VIP. I would like to have your advice: does it work with this topology?


1 Reply

hemohemoh
Level 1

Hey @PutmanoAIT,

I think it is possible to integrate both Palo Alto Firewall and F5 Load Balancer into a Cisco ACI infrastructure. Traffic from the client via L3Out will be routed through the Palo Alto Firewall and then to the F5 VIP. This is a common deployment scenario and can be achieved using a service graph in Cisco ACI. 

You can create a service graph that includes both the Palo Alto Firewall and the F5 Load Balancer. The traffic will first be directed to the Palo Alto Firewall for filtering, and then to the F5 Load Balancer for load balancing.

Cheers!