Hi, we have installed ASA 5505 on our production site but ASA 5505 does not support IPS feature. May I know why we need to have IPS feature as we can manage all incoming and outgoing traffic via Firewall. Can you please show the difference in the terms of Layers as IPS support which type of layer tarffic nd FW too.. Thanks
This all depends on the firewall. Nowadays most commercial firewalls offer some level of 'deep packet inspection' (marketing term). So both IPS and Firewalls now go all the way upto layer 7. However the coverage offered by firewall(s) is usually just basic anomalies and attacks. And usually enabling this features reduced the firewall performance very drastically, sometimes even reaching 10 times less than the regular performance (throughput, connections per second etc.).