I'd personally run the FTD on a dedicated appliance rather than a module on the router, so you would implement the FTD between the router and your network.

Can i implement FTD before Router? I mean in the edge and router still have wan ip because that way i wouldn't have to change configuration on running Router. And it already had nat forwarding to internet and dmpvn configured to office, it will be a mess if i should reconfigure my running Router.

Ideally you should look at the new Firepower 1000 series appliances, as the ASA hardware is older and probably EOL sooner rather than later.

Firepower 1000 and 2000 is not ready product and it take long to deliver to my country.

How much throughput are you going to put through the appliance? You would need to ensure the 5516-X or whatever hardware you purchase can cope with your requirements.

I already check that and ASA5516-X comply with our throughput.

If you put the FTD in front of the router then the FTD would need the WAN IP address, so therefore you would have to change the router configuration. Place the FTD behind the router, such as ISP <> Router <> FTD <> internal network. You'd need to configure NAT on the router to the FTD's outside interface, unless you had additional public IP address range.

Alternatively you could implement FTD in transparent mode, link here.

If you put the FTD in front of the router then the FTD would need the WAN IP address, so therefore you would have to change the router configuration.

- It would be a mess right?

Place the FTD behind the router, such as ISP <> Router <> FTD <> internal network.

- Is it safe for a router running after ftd?

You'd need to configure NAT on the router to the FTD's outside interface, unless you had additional public IP address range.

- Yes i have additional public ip address range. this is my topology as right now, can you suggest me something.

I forgot to add my router run dmvpn for drc and office