We are replacing all of the switches in the network with two Nexus 93128 switches. We have 4 VLANs and need to add security between the MGNT VLAN, IIS Server VLAN, application VLAN and DB VLAN. This is all internal use, no external users. The problem is that they all need access to the internet for updates and call home to an outside vendor for monitoring.
Should I put ACLs at the switch level or route everything back to the ASA5520 for security and routing?