With intrusion prevention, you can examine network traffic for anomalies to prevent DoS and other spoofing attacks. Using policies, you can define rules that specify an action to take when traffic matches signature criteria. You can specify protection on a zone-specific basis and limit traffic to trusted MAC addresses or IP–MAC pairs. You can also create rules to bypass DoS inspection.
Turn on IPS protection
You must turn on IPS protection to enforce the protection. To turn it on, go to Intrusion prevention > IPS policies.
To be able to turn on IPS protection, you must have an active Network Protection subscription or a trial license.