Hello Team, Have a quick question about ACI MultiPod fabric and Firewall design. The goal is to have a cluster of two Firepower 4112s in the first Pod and separate/standalone single Firepower 4112 in the second Pod (I can't afford a split spanned Ethrc...
Hello Team, I am trying to figure out Microsegmenting our current network-centric deployment (see the picture below). Currently we have: * Enterprise networks 10.0.0.0/16 which are connected to Fortigate firewall (L3) * This Fortigate firewall is a L3OU...
Hi Colleagues, I have read that in order to be able to implement microsegmentation with uSegs it is mandatory that Unicast Routing be enabled and Subnet is defined for BD for Base EPG. My question is - is it also required that the configured Subnet Ad...
Good morning all! I would like to ask some help in making clear concepts of AEP and bindings. 1. Somehow I forgot to link AEP in IPG (attached 'no_AEP_in_IPG') and did static port binding for corresponding EPG. As a result the traffic flows correctly i...
Hello! I am planning to put my DMZ network in separate VRF in Common tenant and also I need to implement microsegmentation within DMZ (in fact Intra EPG isolation works fine, since the VMs within DMZ should talk to each other at all). DMZ GW is a Fir...
Hi Robert, Thanks for the answer! 1. Re contract inheritance - I wonder how it will inherit contracts with L4-L7 Service Graph with PBR? Currently I am manually deploying new service graph instance for each contract manually mentioning source and destina...
@RedNectar @Robert Burns I have a Network Centric migration where DMZ gateway resides on external firewall. What I want to achieve - is to separate few groups of DMZ systems from communication with each other. Like machines A1, A2 and A3 should be abl...
Hi @RedNectar As @Robert Burns noted indeed my case is where GW resides outside of ACI and I still want to do microsegmentation. As I understand - no way? Beroshake