To configure IPS mode on a Cisco Secure Firewall Threat Defense (FTD) device to inspect traffic and

act as an IDS, the network engineer must configure an intrusion policy on the FTD device. The

passive-interface and SPAN on the switch have already been configured, which means the traffic is

being mirrored to the FTD. The next step is to set up an intrusion policy that defines the rules and

actions for detecting and responding to malicious traffic.

Steps:

In FMC, navigate to Policies > Intrusion.

Create a new intrusion policy or edit an existing one.

Define the rules and actions for detecting threats.

Apply the intrusion policy to the relevant interfaces or access control policies.

This configuration enables the FTD to inspect the mirrored traffic and take appropriate actions based

on the defined intrusion policy.

Reference: Cisco Secure Firewall Management Center Administrator Guide, Chapter on Intrusion

Policies    .