Hi,
I have a Cisco ASA 5585 SSP 10 with a Firepower module for IPS, with Control and Protection licences. I am migrating from a Cisco 5515 ASA to this new firewall. Currently the Cisco 5515 has some policies which are applied on the outside interface. These are normal ACLs which check traffic up to layer 4.
Now that I am upgrading the firewall to the 5585 with Firepower modules, I need some advice on where to implement the security policies: in ASA or in Firepower? Also, in Firepower I am getting the option for zones, so I can make policies between zones rather than on the interfaces. This will save me administrative overhead and result in a smaller policy base.
I need some clarification regarding:
1. Where to apply the security policies: on ASA or Firepower?
2. What are the advantages and disadvantages of applying policies in Firepower and not on ASA?
3. Will there be any performance issue if I allow all traffic in ASA and apply all policies in Firepower?
Please advise.