Hi AhmedMohamed,
Please find answers inline:
When implementing both devices in the network:
1- Should the IPS exist before or after the firewall?
-- It should be after. The reason being you don't want the IPS to be processing each and every packet through the device. IPS should be enabled only in the policies where you suspect malicious traffic to come in through.
2- Should I stop some features in the firewall like screen options as the IPS can perform it?
-- Screens and IPS perform very different functions. Screens can be either statistics based or signature based but irrespective of how you deploy them, screens will only inspect and action until Layer 4 and not beyond that.
3- If yes, what other features should be off in the firewall?
-- You might want to consider disabling other features if you are seeing a hit to the performance of the FW. So this question really depends on the amount of traffic you inspect through IDP.
Regards,
Anand