An engineer designs a Cisco ACI Multi-Pod solution that requires a pair of active-standby firewalls in different pods for external connectivity. How should the firewalls be implemented?
It's B, according to the document in the link.
https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739571.html#Option3RoutedfirewallwithL3OutpeeringwiththeCiscoACIfabric
Using separate L3Out peerings ensures that each pod has its own L3Out connection and the firewalls can be set up in an active-standby configuration, providing the necessary external connectivity and redundancy for the Multi-Pod solution.
The question is lacking information, but I agree more on the side of answer A or B A. PBR for routed firewalls
B. separate L3Out peerings for routed firewalls
From my point of view - all answers are possible implementation of firewalls based on attached document. But considering usage for external connectivity - tra transparent firewall and firewall as default gateway are not suitable, because not only external connectivity goes through firewall. You can use L3 out binding for external connectivity (A) but also PBR (B) towards the L3 out ...
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Brand
1 week agofreezing_eyes
6 months, 1 week agokamkol
8 months agoJaroslavS
2 years, 6 months agoapot
3 years, 2 months ago