SDWAN | Interpret Viptela Service Chaining?

Lost & Found
Level 2

Hello, I would like to know the meaning of the below service chain configuration. The situation is that I encountered an issue where we ran a packet capture end-to-end, but from the 3rd party (cloud security provider) side I'm seeing that somehow the packets from the branch get translated, since the public IP I saw in the 3rd party capture is an IP from the data center.

The setup is that from the branch site we are forwarding the HTTP/HTTPS traffic to the 3rd party security provider.

From my assumption, is this the traffic flow for web/HTTPS?

srvhain.PNG

 

QUESTION:
1. Based on the shared diagram, is that the correct flow? From the branch site it will be forwarded to the hub then to the firewall?
2. How do the Hub and Firewall handle the reply/return traffic back to the source to the target destination, since the source IP address is already translated to a public IP?
3. What is the process of returning traffic from the actual target destination? Is it destination -> NATted src IP to branch site via GRE, then to FW NAT to private address, then back to branch client?
4. As you can see, we also have a service netsvc1. What is the purpose of that? Are we going to use this first?
5. What show command or test can be performed to validate the flow?

QUESTION:
1. Based on the above diagram, is that the correct flow? From the branch site it will be forwarded to the hub then to the firewall?
2. How do the Hub and Firewall handle the reply/return traffic back to the branch site then to the target destination? Since the source IP address is already translated to a public IP, is it going to be based on src/dst IP or TLOC etc.?
3. In terms of the return traffic from the actual target destination, what will happen? Does it go to Brand -> hub -> FW (NAT back to private IP) -> hub to branch -> Client? What is the correct process?
4. As you can see, we also have a service netsvc1. What is the purpose of this? Are we going to use this first?
5. What show command or test can be performed to validate the flow?

Thank you so much in advance. 
