Just curious if anyone is using their ASA to peer via BGP with an ISP and receiving full internet routes. I currently have a set of 5545's (only running static routing) and am in the process of moving to a set of Firepower 4100's running ASA code. I would like to push dynamic routing down to the firewalls, but just not sure that they will handle the full table.
I think it is not a good idea to receive all the internet routes; your device could become a transit device and overload the CPU. Please check these links:
You could advertise a default route to devices behind the firewall.
Hope it is useful
Is this BGP with a single ISP? Or BGP with multiple ISPs? Full table from one or full table from more than one? What is the reason that you are interested in receiving a full table? It seems to me that it is a large step to go from static routing to BGP with the full table and I wonder what leads to the interest in receiving the full table?
Thanks for the questions and feedback. I was more asking the question to see if, from a performance point, ASA on Firepower 4100 could handle a full Internet routing table. My design requirement for this was to dynamically re-route traffic on partial far end ISP failures. I have since had more time to review my design and have come up with a better solution which does not require running BGP down into my firewalls.
Thanks for the update. It is good to know that you have found a solution that does not require running BGP down into your firewalls.