Hello,

I am converting an ASA configuration to a Firepower configuration using Firepower Management Center Virtual GUI.  The conversion tool is asking whether I want to convert ASA access rules into Prefilter Policies or Access Control Policies:

I want to understand the implications of choosing different policy options.

1. What inspection is lost by choosing to Prefilter & Analyze versus proceeding with the 'regular' Access Control Policy process?

2.  What policy would you recommend to use in a site where internet hosts initiate SSL-encrypted traffic to a web server? 

3. If I choose to convert my ASA rules into Prefilter policies, can I later convert those into 'regular' access control policies? (The FMC conversion tool warns that converting rules into Access Control Policies will prevent them from being converted into Prefilter Policies later.  It says the Prefilter behavior can be emulated, but not truly replicated.)

4.  Where can I find more resources that explain exactly how FTD monitors traffic, and how different policies affect that inspection?

Thank you for your assistance