C8500L with full Security instead of a Firepower?

Can I put a C8500L as Firewall instead of a Firepower?
I mean, a Cisco 8500 or C8000v Router, with IOS SDWAN with Firewall functions (URL-Fil, AMP, IPS/IDS) at the DC can replace Cisco Firepower?

The thing is that the client wants to move away from their Firepower 2120 and put routers with SD-WAN and the full security stack in their DC for cost savings, etc. Cisco tells me there is no problem, but does anyone here have any experience with that?

6 Replies

balaji.bandi
Hall of Fame

It is possible if all the features you are looking for are available in the Cat 8K model. It is generally used as an edge router (with the SD-WAN feature).

I never tested the other features you mentioned (AMP and IPS) myself.

Check the datasheet:

https://www.cisco.com/c/en/us/products/collateral/routers/catalyst-8500-series-edge-platforms/datasheet-c78-744089.html

BB

***** Rate All Helpful Responses *****


Hi,

I would not recommend doing that. It is better to have a separate security device, especially for a Data Center. You cannot manage the security policies of an SD-WAN router the way you do in Firepower Management Center. It will be hard to configure, maintain and troubleshoot.

For small branches, it is OK to have all-in one.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Hello Kanan,

Thank you for your comments, they are always very welcome.

Yes, I understand what you mean, and it's a good point, but if you technically had a device that could do the same as a Firepower 2120 and even more, I think there would be no problem. Of course that's my point of view, but I opened this thread because, technically, could a Cisco router with SD-WAN hold up against a Firepower? Especially if we talk about a model like the C8500L-8S4X vs. the Firepower 2120?

Think about this:
We currently have only one Firepower 2120 firewall where remote access VPNs and site-to-site VPNs terminate, plus perimeter security. I think it is not very robust to leave that equipment without HA while having two C8500L-8S4X in HA with SD-WAN...
It's a design that doesn't make sense, so since we're going to have SD-WAN with two devices in HA, why not move everything to that infrastructure? You end up having a single pane of glass for everything...

The performance of the 8500L router is higher than the Firepower 2100 series, but they are different types of devices. Of course you can use the 8500 as a firewall, but you won't have functions such as stateful failover, and we don't know how many sessions the 8500L can handle. My opinion: if you can buy several devices, use the 8500L for the SD-WAN border and the FPR3105 for firewalls and SSL VPN.

Answer is "depends".

If you have stateful firewall functionality (with zones) with a small number of generic rules, then it is OK to do that.

But if your firewall does many jobs and has different functions (like URL & App filtering, NGIPS, etc.), then it will be very difficult to manage such functions on the C8K via vManage compared to doing it via FMC. Also, I am not aware of how granular the checks and event correlation you can do with the C8K are. You should check what functions you run on the existing FW and want to run on the C8K, what type of monitoring you do now and want to do, and decide which option is better.

For DC/HQ I would never go with such an option, to be honest.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

dijix1990
VIP

Some research on testing SD-WAN through different scenarios: https://miercom.com/cisco-catalyst-8000-edge-platform-performance-in-emerging-sd-wan-use-cases/
