Hi All, I have a two-part question. We have a Cisco ASA 5516 in ASA mode with the Firepower module with IPS/AMP/URL and a virtual FMC managing it. Currently I have the module in "monitor-only" mode. My questions are:
1. Since the ASA has its own ACLs, when does the traffic get redirected to the Firepower module? Does it go through the ACLs on the ASA first and then get redirected to the sensor for further inspection?
2. What would be the best practice when creating my Access Control Policies in the FMC? Should I write all my ACPs and define the traffic I want to get inspected and filtered, then have an "any any" to allow traffic to still pass through the sensor? Remember, I have ACL rules on the ASA.
Thanks,
Dan