If you only want to place the FWSM in front of the MSFC then no, not really. You just need to make sure that the routed VLAN is not the outside interface.
If you want to have a FWSM in front of the MSFC and also behind you need contexts. We have this setup in our data centre where we have multiple server vlans protected by the FWSM with the MSFC in front and then a separate context for connecting a 3rd party with the MSFC behind.
I would still be wary of using the FWSM as the front door to the internet. I believe it is very good as a datacentre firewall for segregating your server VLANs etc., but I would feel nervous using it as the main Internet firewall. The scope for a configuration error, VLAN hopping etc. would make me nervous. I would prefer to use a standalone firewall myself.