I'm looking at implementing an IPS for our Internet Edge networks and have been doing some reading up on the Cisco IPS and ASA ranges. I'm a bit confused about the capabilities of the various units and would appreciate some guidance. Our network infrastructure comprises a 10Mbit Internet link and a 4Mbit WAN (MPLS) link.
The lowest specification IPS appears to be the IPS4240 (ignoring the 4215 which is now marked end-of-life). The 4240 documentation states it can process 250Mbps of traffic and supports 4 interfaces. Am I right in thinking that this one device can therefore be simultaneously connected to multiple subnets (e.g., the DMZ and internal LAN at the same time)?
Is the ASA with an AIP-SSM-10 module able to monitor several interfaces in the same way? I'm aware the AIP-SSM-10 can only handle 150Mbps, but given my requirements, I'm assuming this can do the job. If so, can I use the ASA as an external firewall with interfaces to the WAN, DMZ and LAN and have the AIP-SSM-10 provide intrusion protection for all three interfaces?
The IPS 4240 is significantly more expensive than an ASA5510 with AIP-SSM-10 module. Apart from the higher throughput, does it have additional functionality beyond that provided with the ASA/AIP-SSM-10?
Thanks for any advice!