What' s the difference between reset & drop?

I believe a drop literally drops the packets. A reset sends a RST back to the source. IMHO, the drop is a better way to go when using IPS but I could be wrong.

In my experience, a " reset" results in a slightly better end user experience. If it is a web based app, the browser won' t time out. It will just return a blank screen. If the traffic is dropped, you are more likely to have a browser time out which appears to look more like an Internet/firewall problem to the end user. . .and is more likely to result in call to the help desk. I guess it depends on your users.

Ahaa, I do understand now. But at the traffic level, when the configuration is " drop" the connection, established by the endpoints, still remains but the packets are dropped right?. And when the configuration is reset, the session, i.e. the connection is broken and therefore all further packets are dropped consequently to the first action taken.? Correct me if I am wrong, please.

That sounds right to me, but perhaps someone else could confirm.