Sure, all traffic at datacenter is routed via the firewall appliances (using Send all traffic via LAN setting on FH).
So for one peer to route to another on the same node:
Peer1 -> nodeA Fusionhub -> nodeA firewall -> nodeA Fusionhub -> Peer 2
Peer1 -> nodeA Fusionhub -> nodeA firewall -> nodeA Fusionhub -> nodeB FusionHub -> nodeB Firewall -> NodeB Fusionhub -> Peer3
Since the firewalls are inline with all traffic I get really granular control at the firewall level as to which peer LAN devices can communicate with other peers, at an IP level but also a TCP level.
I can also add more public IPs to the firewall to provide inbound NAT over PepVPN to LAN devices connected using MAX routers on dynamic cellular IPs.
This lets be build complex multi-tenanted multi-Fusionhub deployments across multiple datacentres really easily. And I can add in SSL / OpenVPN / TINC / IPSEC VPNS from the firewalls back to the customers corporate resources, add existing IPSEC remote sites (using 3rd party routers) or provide any type of client VPN access as an enhancement to PepVPN for remote site access.
Here is an example where we provide remote CCTV connectivity as a service to multiple CCTV companies across europe. Firewall & routing rules let any remote CCTV system (using a MAX) connect to any of our hybridNET nodes whilst limiting access to the correct service provider / customer.
We effectively become a virtual Network operator for the CCTV service provider companies.