Re: IPS from LAN to WAN
Ok, thank you. I also have enabled IPS in a WAN --> LAN policy in order to protect the customer servers, because the customer is using Virtual IPs and Destination NAT to access some servers remotely. I just wanted to be sure because some collegues told me that I only needed enable the IPS in the WAN --> LAN direction and not in the LAN --> WAN direction. Then I wondered, how will I protect the hosts againts attacks initiated from outside? And as you told, enabling IPS on the outbound policy should protect the sessions that are initiated by that policy (therefore by the hosts).