Hello, we're looking to implement an FTDv as an edge device for our Azure network. Currently our on-prem consists of a physical ASA and an outsourced IPS device (iSensor by Dell Secureworks) that sits in front of the ASA. My question is, are the IPS, AMP, and other security features of the FTDv managed by Cisco? For example will they automatically update definition files, actively quarantine/drop packets? In essence we don't have the man power to commit someone fully to managing rules and security, we'd like something with minimal management. Should we be looking at possibly using an ASAv with a separate outsourced IPS appliance in the cloud?
The FTDv would be a great solution for you. You can schedule updates (GeoDB, IPS etc..) So you wont need a man to manage rules and security. You will how ever need to manually upgrade the appliance, allthought this can be scheduled (But i wouldn't advice you to do that). Cisco Talos are the one giving you the updates