https://community.cisco.com/t5/network-security/asa-firepower-inline-tap-mode/m-p/2909615#M1031702 Hi Daniel, Configuring ASA with monitor only would just send a copy of traffic to Firepower and not the actual traffic so that's passive mode. It can be configured inline and then use an intrusion policy with "drop when inline" option disabled. You would need to make sure that there is no access rule in access control policy which has action as block so that no other traffic is dropped. Let me know if it helps. Thanks, Yogesh Wed, 23 Mar 2016 08:44:24 GMT yogdhanu 2016-03-23T08:44:24Z https://community.cisco.com/t5/network-security/asa-firepower-inline-tap-mode/m-p/2909614#M1031701 <P>Hello,</P> <P></P> <P>I would like to understand the configuration of Inline Tap Mode in ASA with FirePOWER.</P> <P>To operate in this mode, I need to configure the ASA policy-map to <STRONG>monitor-only</STRONG> or can <STRONG>keep inline</STRONG> and create an Intrusion-Policy on FMC with&nbsp;<STRONG>Drop When Inline</STRONG> option disabled?</P> <P></P> <P>What would be the right option?</P> <P></P> <P></P> <P>Regards,</P> <P>Daniel Stefani</P> Tue, 12 Mar 2019 12:55:57 GMT https://community.cisco.com/t5/network-security/asa-firepower-inline-tap-mode/m-p/2909614#M1031701 Daniel Stefani 2019-03-12T12:55:57Z https://community.cisco.com/t5/network-security/asa-firepower-inline-tap-mode/m-p/2909615#M1031702 Hi Daniel, Configuring ASA with monitor only would just send a copy of traffic to Firepower and not the actual traffic so that's passive mode. It can be configured inline and then use an intrusion policy with "drop when inline" option disabled. You would need to make sure that there is no access rule in access control policy which has action as block so that no other traffic is dropped. Let me know if it helps. Thanks, Yogesh Wed, 23 Mar 2016 08:44:24 GMT https://community.cisco.com/t5/network-security/asa-firepower-inline-tap-mode/m-p/2909615#M1031702 yogdhanu 2016-03-23T08:44:24Z