thanks for your response, what is the best practice design in this case (l3out FW ha failover ) , - two link from each fw to leaf switch using svi vpc or- two link from each fw to leaf switch using routed interfaceorsub interface?
1) I know it's static route, but in case we use dynamic routing (ospf) could we follow same configuration here without default route next hope VIP of the firewall?2) this solution support only SVI interface?
