
ACI PBR multinode (FW + IPS) service graph

Hi,

Does anyone know of a step-by-step guide (detailed configuration of BD, Health Groups, Redirect Policies, L4-L7 Devices, Service Graph and Device Selection Policies) for deploying a multinode (FW + IPS) service graph?

We have this environment and we can only make a single-node service graph work fine (only firewall or only IPS).

Regards.

2 REPLIES

leestanton0931
Level 1
To deploy a multinode (FW + IPS) service graph, follow these general steps:

  1. Configure Bridge Domains (BD): Ensure your BDs are correctly mapped to the subnets and associated with appropriate EPGs.

  2. Health Groups: Create health groups to monitor the health of the services (FW and IPS) by setting up probes for both nodes.

  3. Redirect Policies: Set up traffic redirection to the service devices (FW + IPS) using a service graph template.

  4. L4-L7 Devices: Add your firewall and IPS as L4-L7 devices, configuring them in the service graph for proper traffic flow.

  5. Service Graph: Create a service graph template that chains the FW and IPS nodes, ensuring traffic flows through both in the correct order.

  6. Device Selection Policies: Define selection policies for distributing traffic to specific instances of the FW and IPS nodes.

For detailed steps, refer to Cisco ACI’s official documentation on service graph deployment.
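The six steps listed in the reply above can be cross-checked per node before deployment. The following is an added example, not part of the reply and not Cisco code: the plan layout, object names and addresses are hypothetical, and it assumes PBR on both connectors of each node, a health group on every redirect destination, and separate redirect policies for the FW and the IPS.

```python
def check_chain(plan):
    """Added example (hypothetical plan layout, not the APIC object model)."""
    problems, owner = [], {}  # owner: redirect policy -> first node using it
    for node in plan["graph"]["nodes"]:  # ordered chain, FW then IPS
        if node not in plan["devices"]:
            problems.append(f"{node}: no L4-L7 device")
        key = (plan["contract"], plan["graph"]["name"], node)
        dsp = plan["device_selection"].get(key)
        if dsp is None:
            problems.append(f"{node}: no device selection policy")
            continue
        for conn in ("consumer", "provider"):
            ctx = dsp.get(conn, {})
            if ctx.get("bd") not in plan["bridge_domains"]:
                problems.append(f"{node}/{conn}: BD missing")
            pol = ctx.get("redirect")
            if pol not in plan["redirect_policies"]:
                problems.append(f"{node}/{conn}: redirect policy missing")
                continue
            first_use = pol not in owner
            if owner.setdefault(pol, node) != node:
                problems.append(f"{node}/{conn}: {pol} reused from {owner[pol]}")
            for dest in plan["redirect_policies"][pol] if first_use else []:
                if dest.get("health_group") not in plan["health_groups"]:
                    problems.append(f"{pol}: {dest['ip']} has no health group")
    return problems

# Constructed sample: a working FW-only plan with an IPS node added to the chain.
PLAN = {
    "contract": "web-to-app",
    "graph": {"name": "fw-ips", "nodes": ["FW", "IPS"]},
    "devices": {"FW", "IPS"},
    "bridge_domains": {"bd-fw", "bd-ips"},
    "health_groups": {"hg-fw"},
    "redirect_policies": {
        "pbr-fw": [{"ip": "192.0.2.10", "health_group": "hg-fw"}],
        "pbr-ips": [{"ip": "192.0.2.20", "health_group": None}],
    },
    "device_selection": {
        ("web-to-app", "fw-ips", "FW"): {
            "consumer": {"bd": "bd-fw", "redirect": "pbr-fw"},
            "provider": {"bd": "bd-fw", "redirect": "pbr-fw"}},
        ("web-to-app", "fw-ips", "IPS"): {
            "consumer": {"bd": "bd-ips", "redirect": "pbr-ips"},
            "provider": {"bd": "bd-ips", "redirect": "pbr-fw"}},
    },
}
```

Calling `check_chain(PLAN)` on the sample reports the IPS redirect destination without a health group and the IPS provider connector still pointing at the firewall's redirect policy.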

Hi,

We know what the general steps are; in fact, the environment works with a single-node service graph (only with firewall or only with IPS), so we need a detailed guide for this case because Cisco ACI's official documentation doesn't cover it.

Regards.