Who rated this post

Showing results for 
Search instead for 
Did you mean: 

My preferred architecture is to have layer 2 bridge in front of the addressable L3 device.

In your case,since ASA is directly accessible from the Internet, it is easier to run DDOS against (unless there is additional filtering performed on the border routers).

If you have a firewall/IPS in transparent bridge on the edge, you can drop a lot of stuff before it hits the device that actually has to accept connections.

0 Kudos
Who rated this post