we'be Checkpoint VPN-1/FW-1 in perimeter & Cisco PIX 525 in Internal (Dual FW design).
We've also put ACLs on Perimeter Router.
My question is:-
1. Do I still need to configure CBAC on Perimeter Router even though Checkpoint is there. If yes why? as it will unnecessarily put more processing load on router and why to do Stateful inspeciton again when Checkpoint is there
Internet > Internet_Router>Checkpoint>DMZ>PIX>Internal N/W
2. Do I need to configure IPS on Perimeter Router even we are using SNORT ?
3. How good is Cisco IPS to SNORT
4. How to allow NAV updates to DMZ Server through any Firewall as SAV liveupdate as 100's of Servers & i want to restric it using URL and not through IP
5. How to block inbound Spoofed emails, can any Firewall so that?
Thanks in advance.