Hey I was messing around with esxi and from FPR1010 I have a connection to an SG350XG.. On the SG I have a Network 192.168.4.0/24. That Network is connected to esxi vswitch. On there I have VM and another vswitch with 10.0.2.0/24 Network. Now, 10.0.2.0 has Internet access and all is fine but how would INCOMING ACL/NAT work? I know normal I'd NAT/ACL for the 192.168.4.x Network/Host, but what if there is another Network under that? Would I NAT/ACL to the inner host and it knows where to find it, or do I create another ACL on the switch for its subordinates?