Wednesday, February 6, 2019

Hey All! Today I came across a design that struck me as odd. It consists of two L2 switches plugged directly into their own separate ISP (multi-homed) uplinks. Each ASA in the pair sat behind its own ISP switch and both switches were trunked and port-channeled together. Is this secure/common?

I’m used to the idea of L3 devices like routers or firewalls being the termination point into the network. This kind of threw me off but I’m glad to have come across the design. I’m just wondering if it’s secure to have internet traffic ingress on an L2 connection and trunk data across the internal network.


