Why is there a cost of integrating Cisco ACI and Check Point?
What do we as customers actually gain from it?

All other IaaS services from check point actually process the traffic itself.
Within ACI i do need to pay for the number of leaf switches within my APIC and yet i do need a VSX to process the traffic.

In my own case i do have 3 MDS with multiple VSX connected to ACI fabric with 100 Leaf switches in the main DC.
According to the licens i would need to buy 3 x CPSG-VSEC-ACI-100 or atleast i hope its like that and not for each CMA.
And as far as i can see one and only thing i actually get is to be able to map be able to use EPG within the policy.
I still need to buy all the firewalls to actually handle the traffic.

If this is compared to like vmware NSX, well then i can actually process the traffic within vmware.
And i do not need to buy the firewalls seperately.

Why dont do it like a normal azure/aws etc, be able to get the EPG info for free.
And if you want to run it via Check Point you add your firewalls and the benifit would be the same.
Within normal ACI contracts its no advance threatprevention and if you want IPS etc then you need to send the traffic to your check point firewall.
 
Regards
Magnus