I understand that this should be dictated by a security policy/risk assessment, but I was hoping to get some opinions on this.
The ACS is behind the Internet firewall. We are going to place it on a LAN so that it can be accessible throughout all the WAN by any LAN. Should it go behind a Firewall Services Module? To me, putting the ACS behind a FWSM is excessive and unnecessary and just adds to overhead. The box is already hardened and has CSA running on it. Would you agree?