How is traffic directed to a Palo Alto Networks firewall integrated with Cisco ACI?
Traffic is directed to a Palo Alto Networks firewall integrated with Cisco ACI through a policy-based redirect (PBR). PBR is a method that allows specific traffic to be rerouted based on policies rather than destination IP address alone, making it suitable for directing traffic to security devices like firewalls.
This is one of those purposely misleading questions. "ON" PA FW you use PBR, but here it is "TO" PA, so I would go for A
https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html
Answer A is correct. Cisco ACI is using descriptive language via UI and API. Contracts can utilize Proxy ARP and PBR as techniques for traffic routing, but it isn't the way to configure. https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-743951.html#Howcontractswork
Cisco ACI uses contracts to tie in external security appliances
Should be C: The question is asking how the traffic is sent to the PA FW, not how to configure it. You may configure it with contracts, but the traffic is directed to the PA FW with a PBR. "traffic is sent to the firewall with a policy-based redirect (PBR)" "For east-west traffic, define a bridge domain and subnet in the ACI fabric for the firewall. Configure contracts between EPGs that send traffic to the firewall using a PBR. The PBR forwards traffic to the firewall based on policy containing the firewall’s IP and MAC address." Src: https://docs.paloaltonetworks.com/vm-series/11-1/vm-series-deployment/set-up-a-firewall-in-cisco-aci/palo-alto-firewall-integration-with-cisco-aci-overview