Duration 8:50

Cisco ACI Micro Inspection with FTD Use Case Lab

Published 13 Jun 2020

In some use cases of modern SDN networks, you might want to enforce Next-Generation Firewall (NGFW) inspection for all the IP addresses and Virtual Machines (VMs) in your data center. This might be traffic between VMs or endpoints in the same subnet, or across all subnets. This is not a new design, but rather one of the many flexible deployment options available in Cisco ACI.

Cisco ACI provides the simplicity and flexibility to automate this redirection with only one Contract and one simple NGFW Service Graph. There is no need to install a dedicated VM firewall per host, or to add complex software tunneling techniques that only complicate the setup, increase resource consumption on the servers or create bottlenecks, eventually leading to extra TCO.

With symmetric Policy Based Routing (PBR) in ACI, you can add many separate standalone NGFWs, and ACI can load balance the traffic across the nodes, avoiding any failed NGFW nodes that are not reachable. You can easily expand horizontally as you grow by adding more NGFW nodes without complexity.

Cisco ACI and FTD firewalls can easily integrate: ACI creates the objects used in FTD and notifies it about each detected VM or IP endpoint in the data center. This serves not only visibility enrichment and compliance of your firewall policy rules, but also self-optimization of your rules, keeping your network object rules up to date and accurate, leading to less utilization and lower TCO.

In this quick demo, we have two VMs in the Web EPG and one VM in the DB EPG. We will demonstrate how we can redirect to FTD both the traffic between the VMs in the Web EPG and the traffic flowing between the two different EPGs. We will also observe how ACI can update the network objects referenced by the FMC for FTD.

Check out the white paper below for more details on ACI PBR capabilities: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html
