: Create an L4-L7 Device
Focus
Focus

Create an L4-L7 Device

Table of Contents

Create an L4-L7 Device

You must define the firewall as an L4-L7 device in the APIC so ACI can insert it into the traffic flow. You configure L4-L7 devices in the APIC as a device cluster, which is a construct that represents a single firewall or a firewall HA pair acting as a single device. Device clusters have one or more logical interfaces, which define the path of the member firewalls with a VLAN from the physical domain.
  1. On the
    Tenants
    tab, double-click on the name of your tenant.
  2. Select
    Services
    L4-L7
    Devices
    .
  3. Right-click
    Devices
    and select
    Create L4-L7 Device
    .
  4. Clear the
    Managed
    check box.
  5. Enter a descriptive
    Name
    for your L4-L7 Device.
  6. Select
    Firewall
    from the
    Service Type
    drop-down.
  7. Select
    Physical
    for a physical firewall or
    Virtual
    for a VM-Series firewall from the
    Device Type
    drop-down.
  8. Select the physical or VMM domain you created previously from the
    Domain
    drop-down.
  9. Select HA Node for
    View
    .
  10. Under
    Device 1
    , click the plus (+) icon to the right of
    Device Interfaces
    .
  11. Enter a descriptive
    Name
    for this interface.
  12. Under
    Path
    , select the path to the primary firewall in your HA pair.
  13. Click
    Update
    .
  14. Under
    Device 2
    , click the plus (+) icon to the right of
    Device Interfaces
    .
  15. Enter a descriptive
    Name
    for this interface.
  16. Under
    Path
    , select the path to the secondary firewall in your HA pair.
  17. Click
    Update
    .
  18. Under
    Cluster
    , click the plus (+) icon to the right of
    Cluster Interfaces
    .
  19. Enter a descriptive
    Name
    for the cluster.
  20. Select the two interfaces you configured above from the list under
    Concrete Interfaces
    . The APIC requires that you configure two interfaces. However, because there is only one connection between the firewall and the ACI fabric, only one of the interfaces is used.
  21. Under
    Encap
    , enter a VLAN from the from the static VLAN pool you created earlier. Traffic will be redirected to the firewall on the VLAN assigned here.
  22. Click
    Update
    .
  23. Click
    Finish
    .

Recommended For You