TS FTD like TAC

 https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/R6BGArNQ/TECSEC-3004.pdf

system support trace

network design ideas

Just writing down some idea's

Dual internet connection with failover
Share public range with BGP
Alternativly two public IP ranges with dyndns
OOB mananagement (open gear)
Redundancy starting at the SAN
Rule of thumb 2 of everything
HA firewall
HA switch (stack)
Vlans/networks LAN,WIFI, DMZ, DB, APP, VOICE, RSPAN, OOBMGMT, BACKUPS, MONITORING
Off site (cloud) backups or tape taken off site
Monitoring, graphing, alerting, PTRG, Netflow, SNMP
NTP server
TFTP server
config backup 
radius and MFA (DUO) where possible 
syslog (syslog-ng)
opendns (Cisco umbrella / dnsfilter)

IPS like security onion

Multiple DMZs or Private VLANS in your DMZ alternatively consider reverse proxy.