Fortinet 100E - IPS Filtering (Best Practise)

Hi Guys,

We are currently reviewing our security procedures and I have a general question with regards to the best practises for utilising the IPS filtering on a Fortinet box.

Is it better to define individual policies depending on the service you are protecting, or should it be applied by eg OS type, service etc., or just apply everything.  Just looking for an idea of what others are doing.

We are currently defining indivdual IPS sensors depending on the service.  However, I'm wondering whether this is the best way of doing this as we might overlook something ie.  Applying the bruteforce filter for OWA, but forgetting about it being hosted on IIS, and thats service gets missed ...  that sort of thing.

Comments welcome.