IPS "Allow packet" still warns you if something is detected?

If I set the rule to allow packets in IPS, does it still warn me if it finds a vulnerability?

What I'm trying to achieve is to enable IPS on a soon-to-be DMZ with various servers that need to be accessed from a LAN with over 500 clients, but before doing that I want to make sure we don't get false positives or errors due to IPS. So if this works, I'm going to leave "allow packet" enabled for a few months to see if I get any alerts. If I do, then I'll investigate further; if I don't, I will switch the action back to "Recommended".

Is it possible to achieve this?

TYA



Added TAGs
[edited by: Raphael Alganes at 2:12 PM (GMT -8) on 7 Jan 2025]
  • Allow will basically only Log the Packet. 

    • Which would be fine with what I'm trying to achieve, but can I enable some sort of alerts to warn me if something is categorized as malicious by the IPS, or do I need to check the logs on a regular basis? It would also be good to have some sort of evidence on the dashboard when something is discovered.

      • Bypass session would allow and not alert.

        So identify the problematic rules with the allow setting and later create a bypass list inside the IPS policy for the exceptions.

        Keep in mind that IPS alerts may create thousands of Alert Emails generated by the firewalls. This may DoS your mailserver.

        I have experienced that more than once.