I have one query on ACL's on the internet edge routers. If we configure the ACL's as per the below weblink on the edge routers, we may not get all the logs on the firewall as the traffic is filtered at the router level and we donot enable logging on the router.
Unless we enable IDS on this segment there is no way of knowing any attacks towards the firewall or the router itself. I need some comments from security experts on this kind of implementation.
Thank You very much,