This document, BRKDCN-2304, explains the connectivity of firewalls to VXLAN; I do have a requirement to use local firewalls A/S at each site. The document explains how to do host route advertisement, but I have problems with that. What happens is firewall learns a one-way path because each site uses a gateway (firewall) at each site to route between VRFs; the host route is being injected in the opposite Datacenter. Can someone reach out to me and help me with the design marcin@nexthopllc.com, there is a limitation I believe in Catalyst 9300 for VXLAN with this design, did anyone ever did Firewalls setups at each site to help with routing between VRFs?