Cisco ASA 5506W-X with FirePOWER Services Technical Manual

ASA FirePOWER modules (ASA 5506X/5506H-X/5506W-X, ASA 5508-X, ASA 5516-X) running software version 5.4.1 and higher.
ASA FirePOWER module (ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X) running software version 6.0.0 and higher.
The information in this document was created from the devices in a specific lab environment. All of
the devices used in this document started with a cleared (default) configuration. If your network is
live, ensure that you understand the potential impact of any command.
Background Information
FirePOWER IDS/IPS is designed to examine network traffic and identify any malicious
patterns (or signatures) that indicate a network/system attack. The FirePOWER module works in IDS
mode if the ASA's service-policy is specifically configured in monitor mode (promiscuous); otherwise, it
works in Inline mode.
FirePOWER IPS/IDS is a signature-based detection approach. The FirePOWER module in IDS mode
generates an alert when a signature matches malicious traffic, whereas the FirePOWER module in
IPS mode generates an alert and blocks the malicious traffic.
Note: Ensure that the FirePOWER module has a Protect license to configure this functionality. To verify the license,
navigate to Configuration > ASA FirePOWER Configuration > License.
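To confirm which of the two modes described above a given ASA is actually in, the service-policy can be checked from the running configuration. The following is an added example, not part of the original manual: it assumes the ASA CLI redirect syntax `sfr {fail-open | fail-close} [monitor-only]` (not shown on this page), uses a constructed configuration sample, and its function names are hypothetical.

```python
import re

# Constructed sample of ASA "show running-config policy-map" output (not from the manual).
SAMPLE_CONFIG = """\
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
 class sfr_ids
  sfr fail-open monitor-only
policy-map dmz_policy
 class sfr_inline
  sfr fail-close
"""

# Assumed ASA syntax: sfr {fail-open | fail-close} [monitor-only]
SFR_RE = re.compile(r"^sfr\s+(fail-open|fail-close)(\s+monitor-only)?\s*$")


def sfr_modes(config_text):
    """Return one record per policy-map class that redirects traffic to the module."""
    results, policy, klass = [], None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("policy-map "):
            policy, klass = line.split(None, 1)[1], None
        elif line.startswith("class "):
            klass = line.split(None, 1)[1]
        else:
            match = SFR_RE.match(line)
            if match and policy and klass:
                monitor_only = match.group(2) is not None
                results.append({
                    "policy_map": policy,
                    "class": klass,
                    "failure_action": match.group(1),
                    # monitor-only means the module can alert but not block (IDS mode)
                    "mode": "IDS (monitor-only)" if monitor_only else "Inline (IPS)",
                })
    return results


def classes_that_cannot_block(config_text):
    """List policy-map/class pairs where intrusion rules can only alert."""
    return [f"{r['policy_map']}/{r['class']}"
            for r in sfr_modes(config_text) if r["mode"].startswith("IDS")]


if __name__ == "__main__":
    for record in sfr_modes(SAMPLE_CONFIG):
        print(record)
```
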
Configuration
Step 1. Configure Intrusion Policy
Step 1.1. Create Intrusion Policy 
To configure Intrusion Policy, log in to Adaptive Security Device Manager (
Step 1. Navigate to Configuration > ASA FirePOWER Configuration > Policies > Intrusion Policy > Intrusion Policy.
Step 2. Click Create Policy.
Step 3. Enter the Name of the Intrusion Policy.
Step 4. Enter the Description of the Intrusion Policy (optional).
Step 5. Specify the Drop when Inline option.
Step 6. Select the Base Policy from the drop-down list.
Step 7. Click Create Policy to complete Intrusion Policy creation.
Tip: The Drop when Inline option is crucial in scenarios where the sensor is configured in Inline mode and the traffic
must not be dropped even though it matches a signature that has a drop action.