if I set the rule to allow packets in IPS does it still warns me if it finds a vulnerability?
What I'm trying to achieve is to enable IPS on a soon-to-be DMZ with various servers that need to be accessed from a LAN with over 500 clients, but before doing that I want to make sure we don't get false positives or errors due to IPS, so if this works I'm going to leave "allow packet" enabled for a few months to see if I get any alerts, if I do then I'll investigate further if I don't I will switch the action back to "Reccomended".
Is it possible to achieve this?
TYA
bypass session would allow and not alert
so identify the problematic rules with the allow setting and later create a bypass list inside the IPS policy for the exceptions.
Keep in mind that IPS alerts may create thousands of Alert Emails generated by the firewalls. This may DoS your mailserver.
I have experienced that more than once.
Quote