If I set the rule to allow packets in IPS, does it still warn me if it finds a vulnerability?
What I'm trying to achieve is to enable IPS on a soon-to-be DMZ with various servers that need to be accessed from a LAN with over 500 clients, but before doing that I want to make sure we don't get false positives or errors due to IPS. So if this works, I'm going to leave "allow packet" enabled for a few months to see if I get any alerts; if I do, then I'll investigate further, and if I don't, I will switch the action back to "Recommended".
Is it possible to achieve this?
TYA
Allow will basically only Log the Packet.
Which would be fine with what I'm trying to achieve, but can I enable some sort of alerts to warn me if something is categorized as malicious by the IPS, or do I need to check the logs on a regular basis? It would also be good to have some sort of evidence on the dashboard when something is discovered.
Bypass session would allow and not alert.
So identify the problematic rules with the allow setting and later create a bypass list inside the IPS policy for the exceptions.
Keep in mind that IPS alerts may create thousands of Alert Emails generated by the firewalls. This may DoS your mailserver.
I have experienced that more than once.