
Service Side VPN config for the concentrated different VLAN traffic

Sushil93
Level 1

Hello Everyone,

Greetings,

I have one query about the following scenario:

If my L3 VLANs are created on the core SW, and all the VLAN traffic is then routed upstream towards the firewall with a default route, how will I configure the service-side VPNs?

LAN: Core SW ----default route ------> FW ------->LAN: Service side VPNs ????-->  c-Edge

An early response is highly appreciated.

@Kanan Huseynli 

 

Thanks,

Sushil

 

2 Replies

Hi,

So, you have multiple service-side VPNs (different VRFs) on the router side, like data, voice, guest, etc.

Here, the important question is how the SVIs are configured on the core switch. Most probably you have different SVIs for different services (e.g. data, voice, guest), and thus different VRFs as well. But the firewall does not support contexts (VRFs), or you don't want to do that.

In this case, you can have multiple interconnections between the core and the firewall, and also between the firewall and the router. This is so-called "VRF-lite". The firewall will not understand this, but you add each interconnection to a different zone and block traffic between interconnections.

Example,

[Data SVI on core] Core switch [IR SVI for data]---[inside_data_zone] Firewall [outside_data_zone]---[service_side_interface_data] SDWAN_ROUTER

[Voice SVI on core] Core switch [IR SVI for voice]---[inside_voice_zone] Firewall [outside_voice_zone]---[service_side_interface_voice] SDWAN_ROUTER

For each service, the core's "left" and "right" sides should be in the same VRF, with the default route pointing to the respective FW interconnection interface.

However, the firewall does not have VRF logic for each service; you simply put each IR interface in a different zone, block any traffic by default, and allow only certain traffic per service (like from inside_data to outside_data).

 

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.
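
The zone design described in this reply can be checked offline before it is pushed to the firewall. The following is an added example, not part of the original post and not any vendor's syntax: the rule tuple format, first-match evaluation, the `any` wildcard and the `guest` zones are assumptions, and the zone names follow the reply's `inside_<service>` / `outside_<service>` pattern.

```python
# Added example: audits a zone rule list for leaks between VRF-lite segments.
# Assumptions: rules are (src_zone, dst_zone, action) tuples, evaluated
# first-match, with an implicit deny when nothing matches.
from itertools import product

SERVICES = ["data", "voice", "guest"]
ZONES = [f"{side}_{svc}" for svc in SERVICES for side in ("inside", "outside")]

def service_of(zone):
    """inside_data -> data"""
    return zone.split("_", 1)[1]

def evaluate(rules, src, dst):
    """First matching rule wins; no match means implicit deny."""
    for r_src, r_dst, action in rules:
        if r_src in (src, "any") and r_dst in (dst, "any"):
            return action
    return "deny"

def cross_service_leaks(rules):
    """Zone pairs belonging to different services that the rules permit."""
    return [(s, d) for s, d in product(ZONES, ZONES)
            if service_of(s) != service_of(d)
            and evaluate(rules, s, d) == "permit"]

def missing_service_paths(rules):
    """Services whose own inside -> outside path is not permitted."""
    return [svc for svc in SERVICES
            if evaluate(rules, f"inside_{svc}", f"outside_{svc}") != "permit"]

# Constructed rule sets for illustration.
GOOD_RULES = [
    ("inside_data", "outside_data", "permit"),
    ("inside_voice", "outside_voice", "permit"),
    ("inside_guest", "outside_guest", "permit"),
]
BAD_RULES = [
    ("inside_data", "outside_data", "permit"),
    ("inside_voice", "any", "permit"),  # too broad: reaches other services
    ("any", "any", "deny"),             # explicit deny comes too late
]

if __name__ == "__main__":
    for name, rules in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        print(name, "leaks:", cross_service_leaks(rules),
              "missing:", missing_service_paths(rules))
```
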