Create and Apply a Service Graph Template

Create a service graph template that uses the device cluster representing the firewall in a policy-based redirect integration. After creating the service graph, you must apply it to EPGs to protect traffic. A contract and contract filter rules define the traffic that can be forwarded to the firewall.
  1. Create a service graph template.
    1. On the
      Tenants
      tab, double-click on the name of your tenant.
    2. Select
      Services
      L4-L7
      L4-L7 Service Graph Templates
      .
    3. Right-click
      L4-L7 Service Graph Template
      and select
      Create L4-L7 Service Graph Template
      .
    4. Enter a descriptive
      Graph Name
      for your service graph template.
    5. Select
      Create a New One
      for
      Graph Type
      .
    6. Click and drag the L4-L7 device you created in the previous procedure between the consumer and provider EPGs.
    7. Select
      Routed
      for
      Firewall
      .
    8. Select
      Routed Redirect
      .
    9. Click
      Submit
      .
      create-a-service-graph-template-pbr.png
  2. Apply the service graph template.
    1. On the
      Tenants
      tab, double-click on the name of your tenant.
    2. Select
      Services
      L4-L7
      .
    3. In the
      EPGs Information
      pane, select your consumer and provider EPGs from the
      Consumer EPG
      and
      Provider EPG
      drop-downs.
    4. Select
      Create a New Contract
      .
    5. Enter a descriptive
      Contract Name
      .
    6. Clear No Filter
      (Allow All Traffic)
      . Using this option is not recommended. To allow all traffic between the EPGs to be redirected to the firewall, it is recommended that you create a filter to do this.
    7. Click the plus (+) icon to the right of
      Filter Entries
      .
    8. Create a rule (or rules) to define what traffic is allowed to pass between the EPGs and redirected to the firewall.
    9. Click
      Next
      .
      apply-a-service-graph-template-1.png
    10. Select the service graph template you created in the previous procedure from the
      Service Graph Template
      drop-down.
    11. In the consumer and provider pane, select the bridge domain containing your firewall from the
      BD
      drop-downs.
    12. Select the policy based redirect you created previously from the
      Redirect Policy
      drop-downs.
    13. Select the cluster interface you created with you L4-L7 device from the
      Cluster Interface
      drop-downs.
      apply-a-service-graph-template-2.png

Recommended For You