My company is busy changing ISPs and we are busy with a network re-design.
Basically we have the following set of equipment and are trying to make the best use of it together with a secure design:
1 x Cisco ASA 5520
1 x Cisco ASA 5510
1 x AstroFlowGuard (Bandwidth manager)
2 x Barracuda Web Filters
1 x Barracuda Load Balancer (To load balance the web filters)
And other email and web servers that will be in the DMZ
Basically what I have come up with is using the 5520 as my main firewall with 2 x DMZs, 1 x Inside and 1 x Outside. On the Inside interface I have placed the Load Balancer, which will be connected to the MPLS VRF (where all 60 of my sites hang off). The Load Balancer will then point to the 2 Barracuda Web Filters, which will in turn have their default gateway set to the AstroFlowGuard (Bandwidth manager). In the second DMZ all my email and web servers will be hosted. If I then set a default route on the ASA to point to the AstroFlowGuard's IP and then set the AstroFlowGuard to point to my "real" breakout router, will this work? I can't figure out a way to get the bandwidth manager to work, as it needs to be set up in a transparent bridge mode to work correctly.
I have tried to put together a diagram as to how I think this should work; however, I am not sure if there is a better/smarter way of achieving a better design.
Any help will be greatly appreciated as I am at a loss at the moment.