Hi!
I would like to know from you guys if there is a best-practice rule in terms of the IPS action? I am wondering if it is better to only block (and have all those signatures processed daily by the IPS engine) or quarantine the source IP for, i don't know, 1 day or something like that, to save the resources of the box and either receive a fewer number os malicious hits.
Feel free to hint.
