Q. Have you applied the licenses to the module?

A. Yes. Verified via ASDM (Configuration -> ASA FirePOWER Configuration -> Licenses)

Q. Setup access policies on it?

A. Access Control and Intrusion Policies created

Q. Have you setup the service-policy to direct traffic through the module?

A. Service-policy configured and verified. I can add the “News” URL Category to the Access Control Policy and it will block cnn.com. Remove the News Category and access restored. This test also confirms the first two questions.

So does anyone have any ideas?

Do you have logging enabled on your policies?

Verified enabled within rule in Access Control Policy. Enabled logging when I created the rule many many days ago.

Any ideas???

Since you have a licensed product you should have support. I'd suggest opening a TAC case.

The TAC engineer can work with your interactively to examine and verify your settings.

In our situation I have pinpoint the problem to Security Intelligence Rules, when I enable a number of this I get a warning regarding the available memory on the ASA5506 in the health alerts of the Management Center.

Removing the Sec.Intelligence Rule the device is functioning again.

On my ASA, always return the data not available (see below). Someone had success to fix this problem ?

anyone can help?

Bump. Can someone shine some light on crusier2015's question? I been seeing this in our ASA5506-x as well.

Thanks.

Dominick, unfortunately i had to migrate for FMC, report of ASDM is simple.

I've had the same issue at the initial phase of ASA 5506X deployment.

01. verify that traffic is redirected to the SFR module:

asa-5506x# show service-policy sfr

Global policy:
  Service-policy: global_policy
    Class-map: cl-map_sfr_mon
      SFR: card status Up, mode fail-open monitor-only
        packet input 0, packet output 1046528, drop 0, reset-drop 0
asa-5506x#

See at "packet output" value, if it more than 0 - it redirects traffic, if it equals to 0, verify your class-map, policy-map and service policy definitions.

Here's my config for monitor-only mode:
--------------------------------------------------
access-list acl_dp_sfr_mon line 1 remark *** traffic that should be redirected to the ASA SFR module ***
access-list acl_dp_sfr_mon line 2 extended permit ip any any

!--- create a class-map in order to match the traffic on an access list
class-map cl-map_sfr_mon
 description *** Class map to identify traffic that should be redirected to the ASA SFR module ***
 match access-list acl_dp_sfr_mon
 exit

!--- specify a location and apply the policy globally
policy-map global_policy
 class cl-map_sfr_mon
  sfr fail-open monitor-only
  exit
 exit
--------------------------------------------------

02. Configure policy on the FirePOWER module (the perfect condition for test purpose is absense of any rules):

a. open ASDM
b. Go to Configuration / ASA FirePOWER Configuration / Policies / Access Control Policy
c. open "Rules" tab
d. click "Add Rule" button
e. give a discriptive name to the rule, for example "monitor_any", set "Action" to "Monitor", set "Insert" to "into Category" & "Administrator Rules" and click "Add"
f. below the newly created rule find row with "Default Action" & set its value to "Intrusion Prevention: Maximum Detection"
g. click "Store ASA FirePOWER Changes" button in the middle part of the window
h. at the upper part of the ASDM click "Deploy" / "Deploy FirePOWER Changes" or simply use "Ctrl+D" shortcut
i. in the summary pop up click "Deploy" button to commit changes to the FirePOWER module

Please provide feedback if it works for anybody else.

This worked for me