When you enable the IPS feature, the XTM device examines traffic to look for patterns of traffic that match the signatures of known intrusions. When an IPS signature match occurs, the XTM device denies the content and the intrusion is blocked. If you want to allow traffic that is blocked by an IPS signature, you can find the identification number for the signature (the signature ID) and add the signature ID to the IPS exception list.
When the XTM device blocks a connection based on a match with an IPS signature, the signature ID appears in the log file if you have enabled logging for IPS. To see which IPS signature blocked the connection, look in the log file for the IPS signature ID number. If a connection that you want to allow is blocked by an IPS signature, use the signature ID to add an IPS exception to allow that connection.
On the Signatures tab, you can look up the IPS signature ID to see information about the threat a signature ID represents. For more information about how to look up an IPS signature, see Show IPS Signature Information.
To add an IPS signature exception:
To edit the settings for an exception, select the exception and click Edit.
To remove an exception, select the exception and click Remove.
Configure Intrusion Prevention