Tip: You can use two rules to protect a large number of servers. Configure rule 1 to match services you do not want to detect and set the detection option to Ignore. Configure rule 2 to match any traffic and set the detection operation to Detect.

Tip: In NSM, you can create address objects and service objects to facilitate configuration. One benefit of using objects is that you can configure them once and then use them in multiple rules. For details, see the NSM documentation.

Note: The Traffic Anomalies rulebase is a terminal rulebase–that is, Traffic Anomalies rules are inherently terminal rules. If a Traffic Anomalies rule matches, IDP does not process subsequent rules.