When implementing both devices in the network:
1- Should the IPS exist before or after the firewall?
2- Should I stop some features in the firewall, like screen options, as the IPS can perform them?
3- If yes, what other features should be off in the firewall?
Please find answers inline:
-- It should be after. The reason is that you don't want the IPS to be processing each and every packet through the device. IPS should be enabled only in the policies where you suspect malicious traffic could come in through.
-- Screens and IPS perform very different functions. Screens can be either statistics-based or signature-based, but irrespective of how you deploy them, screens will only inspect and take action up to Layer 4 and not beyond that.
-- You might want to consider disabling other features if you are seeing a hit to the performance of the FW. So this question really depends on the amount of traffic you inspect through IDP.
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
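The layering the answer describes (screens at the zone edge for Layer 3/4 checks, IDP only on the specific policy carrying suspect inbound traffic) as an added configuration example, not from the original post. It assumes a Juniper SRX running Junos with the older `application-services idp` syntax (newer releases attach a named `idp-policy` to the policy instead); the zone, policy, screen and address-book names are placeholders.

```text
## Zone-level screens: cheap L3/L4 sanity checks on everything entering "untrust"
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen tcp syn-flood
set security screen ids-option untrust-screen tcp land
set security zones security-zone untrust screen untrust-screen

## IDP policy that the per-policy reference below activates (name is a placeholder)
set security idp active-policy Recommended

## Only the inbound web policy gets deep inspection; other policies stay firewall-only
set security policies from-zone untrust to-zone dmz policy inbound-web match source-address any
set security policies from-zone untrust to-zone dmz policy inbound-web match destination-address web-servers
set security policies from-zone untrust to-zone dmz policy inbound-web match application junos-http
set security policies from-zone untrust to-zone dmz policy inbound-web match application junos-https
set security policies from-zone untrust to-zone dmz policy inbound-web then permit application-services idp
set security policies from-zone untrust to-zone dmz policy inbound-web then log session-init

## Trusted outbound traffic is permitted without IDP, so the IPS engine never sees it
set security policies from-zone trust to-zone untrust policy outbound-any match source-address any
set security policies from-zone trust to-zone untrust policy outbound-any match destination-address any
set security policies from-zone trust to-zone untrust policy outbound-any match application any
set security policies from-zone trust to-zone untrust policy outbound-any then permit
```

After committing, `show security idp status` and `show security screen statistics zone untrust` let you confirm that IDP load tracks only the policies it is attached to while screens keep counting at the zone.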