The solution you mentioned will work very well, another aolution is to connect the firewalldirectly to your SP if there is no need for the router. You will need the router for some reason, if a feature is not supported by the firewall (for example routing protocol, or wan type)
If that is not the case, then you can use the FW only
Sent from Cisco Technical Support iPhone App