I was recently selected to be a member of the Cisco Champions team in 2015. This is truly an honor and gives me the opportunity to share my thoughts on IPv6, data center security and networking on the Cisco Communities blog site.
For my first Cisco blog post, I wanted to address the question, “With Cisco ACI, do you still need a firewall?” The short answer is: yes.
Cisco Application Center Infrastructure (ACI) operates with Cisco’s Nexus 9000 series hardware and in conjunction with the Application Policy Infrastructure Controller (APIC). Although ACI provides a high-performance data center fabric that can implement the policies created by APIC, we must remember that these are stateless policies. As a result, they do not have the same level of security as a stateful packet filtering system or a security appliance that is performing as a stateful proxy. Thus, additional security, such as a firewall, is needed.
If you’d like to understand the nitty gritty of how Cisco ACI works with APIC, check out my Cisco blog post here.
