Hi Gonate2402 You would need to configure routing/switching on the ASA to send traffic to the 'offloaded' IPS (4110). I don't know this would work in theory. I would strongly recommend a different approach; either, 1) Place the 4110 between the ASA and Switch (transparent inline mode) 2) Replace the ASA with the 4110 and use Firewalling & IPS (SNORT) on one box Cheers ... View more

Hi Vijay   For network/perimeter: Depending on what routers you're using for the MPLS legs; you could use FTD for ISR. Also consider FTD NGFWs placed behind the routers. The main Cisco security features are Security Intelligence blacklisting (related Malware category) based on IP address, DNS and URL. This will block any inbound/outbound connections to any blacklisted object. Also there are regularly updated Snort rules that can block the files in transit. FireAMP will provide cloud lookup,network trajectory analysis and cloud sandboxing (keep in mind the network version of this can increase the performance load on the FTD).   Hope this helps. Phil ... View more