Who rated this post

cancel
Showing results for 
Search instead for 
Did you mean: 
Vladimir
Champion
Champion

My preferred architecture is to have layer 2 bridge in front of the addressable L3 device.

In your case,since ASA is directly accessible from the Internet, it is easier to run DDOS against (unless there is additional filtering performed on the border routers).

If you have a firewall/IPS in transparent bridge on the edge, you can drop a lot of stuff before it hits the device that actually has to accept connections.

0 Kudos
(1)
Who rated this post