I've been configuring different sets of firewalls from different vendors, except Cisco ASA/PIX. I am currently working on a project for deploying and configuring a Cisco ASA 5510 appliance in routed L3 mode. I've read lots of articles and e-books on how to deal with the ASA. However, the thing that confuses me is why Cisco is using the concept of VLANs in its firewalls! Even though I have multiple VLANs in my switched network, I find it not necessary to configure VLANs in the ASA.
The normal configuration that I used to do in any firewall is connecting an "inside" physical interface to the LAN switch and an "outside" interface to the gateway switch, then configuring the firewall to reach the VLANs in the internal switch by using simple static routes. This way, the firewall is aware of the remote subnets or VLANs in the switch. The internal hosts' gateway would normally be the SVI or VLAN interface in each VLAN. A default route (or default gateway) is created in the internal switch to the "inside" firewall interface.
So, the question: why do I need to create VLANs in the Cisco ASA/PIX to know about my internal VLANs? I believe there is a benefit to it, but it is not mentioned in any Cisco pages. Almost all the Cisco website pages I visited are talking about configurations/know-how but not know-why.
Appreciate your quick response.