I am thinking of deploying the ACE module as my primary firewall device. Has anyone had issues with this? I am only looking for basic firewall functionality. Are there any issues with this?
Thanks in advance!
When you're saying "primary firewall device", do you mean edge-firewall or internal datacenter-firewall?
As far as deploying the ACE as my internal datacenter, I'd have no problems with that. In my work with the ACE, I've seen that it can match, for instance, the fwsm on most of the features needed for datacenter-fw's. This includes NAT/PAT, statics (class-maps), protocol inspection, access- and object groups, TCP-normalization and much more. Rather than me enumerating all of the ACE's features, I think you would be better off outlining your requirements and then comparing your firewall platform of choice with the ACE module, to see which serves you best.
Again, if comparing to the fwsm, the ACE scales to a significantly higher throughput, 16Gbps depending on your license. And as far as the number of concurrent connections, translations, inspections etc etc, in my experience, the ACE has no problem rising to the occasion.
But if you need some kind of integrated IDS/IPS, VPN-features etc, I'm not sure the ACE should be your first choice. This is often the case with edge-firewalls, where most newer firewall-platforms provide for either integrated features or modular/license based expansion of the basic firewall featureset. Although the ACE has support for a wide range of protocol inspections and rfc-2616 for http-requests, I'd hesitate to use it as an IDS/IPS device.
Anyway, just my thoughts, hth.