About the block response

For Network IPS appliances, the block response is a default response that blocks attacks by dropping packets and sending resets to TCP connections.

The block response for an appliance differs depending on the operation mode:
Mode Action
Passive Monitoring Sends resets to block only TCP connections.
Note: You can disable resets by using tuning parameters, disabling the block response in security events, or by changing X-Force® default blocking to Never.
Inline Simulation Monitors network traffic and generates alerts but does not block the offending traffic
Inline Protection Blocks attacks by dropping packets and sending resets to TCP connections
The appliance mode is set when the appliance is installed. For information about changing the appliance mode, see Configuring security interfaces.
Parent topic: Administering Network IPS appliances
Related tasks:
Configuring general settings for security events
Configuring general settings for response filters
Reviewing security alert logs