How is traffic directed to a Palo Alto Networks firewall integrated with Cisco ACI?

How is traffic directed to a Palo Alto Networks firewall integrated with Cisco ACI?
A . By using contracts between endpoint groups that send traffic to the firewall using a shared policy
B . Through a virtual machine (VM) monitor domain
C . Through a policy-based redirect
D . By creating an access policy

View Answer

Answer: C

Explanation:

Traffic is directed to a Palo Alto Networks firewall integrated with Cisco ACI through a policy-based redirect. Cisco ACI is a software-defined network (SDN) solution that provides network automation, orchestration, and visibility. A policy-based redirect is a mechanism that allows Cisco ACI to redirect traffic from one endpoint group (EPG) to another EPG through a service device, such as a Palo Alto Networks firewall. The firewall can then inspect and enforce security policies on the redirected traffic before sending it back to Cisco ACI. Traffic is not directed to a Palo Alto Networks firewall integrated

with Cisco ACI by using contracts between endpoint groups that send traffic to the firewall using a shared policy, through a virtual machine (VM) monitor domain, or by creating an access policy, as those are not valid methods for traffic redirection in Cisco ACI.

Reference: Palo Alto Networks Certified Software Firewall Engineer (PCSFE), [Deploy the VM-Series Firewall on Cisco ACI], [Cisco ACI Policy-Based Redirect]