Configuring Security Policies for IPS
You must redirect traffic flows to the AIP-SSM module through security policies, be it a copy
or live traffic. This can be done through service-policies on the Security Appliance. The
ASDM can use a service-policy wizard, or you can use the CLI to configure a service-policy.
You can also use an already configured service-policy. Using the Service-Policy button, you
can access an existing service-policy, or through the wizard you can enable an IPS-policy on
that service-policy. Figure 19-6 shows the window that you will use to enable the IPS policy
and which access mode, promiscuous or inline, you will use for the service-policy. You almost
must define which failure state you would like the service-policy to use for the AIP-SSM. You
have now applied an IPS policy to the Security Appliance and can monitor it through the
Monitor tab in ASDM.