I have two locations, each with failover ASA's 5500's connected together with l2l vpn. I am running IPS mods in each ASA and using CSM to manage policies. Question: can I create 1 "global" policy for all 4 ASA's and two "local" policies to control both ASA's in each location? My thought is 1 global for all 4, 1 local for NY ASAs and 1 local for CA ASAs. I am looking for signature policies only at the moment. IPS mods are being managed with CSM not ASAs.