I would like to check, when having an IPS module on an ASA, what will be done first: the firewalling or the IPS function?
This is quoted from the configuration guide for the ASA version 7.2:
The ASA 5500 series adaptive security appliance supports the AIP SSM, which runs advanced IPS software that provides further security inspection. The adaptive security appliance diverts packets to the AIP SSM just before the packet exits the egress interface (or before VPN encryption occurs, if configured) and after other firewall policies are applied. For example, packets that are blocked by an access list are not forwarded to the AIP SSM.
It indicates that the firewall operates first and then sends to the IPS.
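The ordering described in the quoted guide, shown as an added ASA configuration sketch (not part of the original posts or the Cisco guide). The interface name, ACL, class and policy names and the 192.0.2.10 address are constructed assumptions.

```text
! Constructed example: names and addresses are assumptions.
!
! 1. Interface ACL, evaluated by the firewall first.
!    Telnet from outside is dropped here, so those packets
!    are never diverted to the AIP SSM.
access-list OUTSIDE_IN extended deny tcp any any eq telnet
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq www
access-group OUTSIDE_IN in interface outside
!
! 2. Traffic selection for IPS inspection.
!    Only packets that already passed the firewall policies
!    above can match this class.
access-list IPS_TRAFFIC extended permit ip any any
class-map IPS_CLASS
 match access-list IPS_TRAFFIC
!
! 3. Divert matching traffic to the AIP SSM.
!    inline     = the packet waits for the sensor's verdict
!    fail-open  = pass traffic uninspected if the module is down
!    fail-close = drop traffic if the module is down
policy-map IPS_POLICY
 class IPS_CLASS
  ips inline fail-open
!
service-policy IPS_POLICY interface outside
```

With this policy the sensor only sees the permitted web traffic; the denied Telnet attempts produce no IPS events and show up only in the ASA's own access-list logging.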