: Create an L4-L7 Device
Focus
Focus

Create an L4-L7 Device

Table of Contents
End-of-Life (EoL)

Create an L4-L7 Device

You must define the firewall as an L4-L7 device in the APIC so ACI can insert it into the traffic flow. You configure L4-L7 devices in the APIC as a device cluster, which is a construct that represents a single firewall or a firewall HA pair acting as a single device. Device clusters have one or more logical interfaces, which define the path of the member firewalls with a VLAN from the physical domain.
  1. On the Tenants tab, double-click on the name of your tenant.
  2. Select ServicesL4-L7Devices.
  3. Right-click Devices and select Create L4-L7 Device.
  4. Clear the Managed check box.
  5. Enter a descriptive Name for your L4-L7 Device.
  6. Select Firewall from the Service Type drop-down.
  7. Select Physical for a physical firewall or Virtual for a VM-Series firewall from the Device Type drop-down.
  8. Select the physical or VMM domain you created previously from the Domain drop-down.
  9. Select HA Node for View.
  10. Under Device 1, click the plus (+) icon to the right of Device Interfaces.
  11. Enter a descriptive Name for this interface.
  12. Under Path, select the path to the primary firewall in your HA pair.
  13. Click Update.
  14. Under Device 2, click the plus (+) icon to the right of Device Interfaces.
  15. Enter a descriptive Name for this interface.
  16. Under Path, select the path to the secondary firewall in your HA pair.
  17. Click Update.
  18. Under Cluster, click the plus (+) icon to the right of Cluster Interfaces.
  19. Enter a descriptive Name for the cluster.
  20. Select the two interfaces you configured above from the list under Concrete Interfaces. The APIC requires that you configure two interfaces. However, because there is only one connection between the firewall and the ACI fabric, only one of the interfaces is used.
  21. Under Encap, enter a VLAN from the from the static VLAN pool you created earlier. Traffic will be redirected to the firewall on the VLAN assigned here.
  22. Click Update.
  23. Click Finish.