- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
My preferred architecture is to have layer 2 bridge in front of the addressable L3 device.
In your case,since ASA is directly accessible from the Internet, it is easier to run DDOS against (unless there is additional filtering performed on the border routers).
If you have a firewall/IPS in transparent bridge on the edge, you can drop a lot of stuff before it hits the device that actually has to accept connections.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
