Hi,
Our core switch has a link to the FTD, and on this link we separated the Inbound, Outbound, and DMZ zones by VLANs on the FTD.
The Partner, AWS & Azure connections are separated by VLANs on the same link. On Azure private peering, we're advertising some of our private blocks, and on AWS public peering we're announcing our public block. On Partner private peering, we're announcing private IPs and NATing them to our internal private IPs. In the new design, I want to separate the DMZ, Inbound, and Outbound zones physically by connecting new switches to the FTD. My plan is to connect the Azure, AWS & Partner links on the Outbound switch, separate them by the same VLANs on the Outbound interface of the FTD, and terminate them there.
What I am not sure about is whether it is a safer design, security-wise, to terminate Partner, Azure, and AWS on the edge router rather than on the FTD.