Troubleshooting Security Policy Validation Errors (NSM Procedure)

Problem

Table 1 describes security policy validation errors and how to resolve them.

Table 1: Troubleshooting: Security Policy Validation Errors

Error: Rule duplication
Description: The rule appears more than once in the policy. To resolve this problem, delete the duplicate.

Error: Rule shadowing
Description: Rule shadowing occurs when two rules are designed to detect the same attack, and the first rule is either a terminal match rule or contains a more severe action than the second rule. In these cases, the second rule is never applied. To resolve this problem, modify or delete one of the rules.

Error: Protocol mismatches
Description: Protocol mismatches occur when a service object specified in the Service column of the security policy uses a different protocol from the one specified by the default service binding of the attack object for that rule. Remember that the service binding specifies the service and port that the attack uses. Because two different protocols are specified, the IDP engine cannot match attacks for the attack object. To resolve this problem, set Service to Default.

Error: Any-Any-None rules
Description: Look everywhere for nothing: any source, any destination, and no attacks. This rule can cause severe performance penalties. To resolve this problem, specify network objects for the destination and attack objects for the attacks.

Error: Any-Any-One rules
Description: Look everywhere for one thing: any source, any destination, and one attack object. This rule can cause severe performance penalties. To resolve this problem, specify network objects for the destination.

Error: Unsupported options
Description: The rule contains options that are not supported on the target device. To resolve this problem, upgrade the target device or remove the option from the rule.
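As an added illustration (not part of this document or of NSM), the checks in Table 1 can be applied to a policy before it is pushed. The Rule fields, the action-severity order, and the service/attack protocol lookups below are constructed placeholders, and the unsupported-options check is omitted because it depends on per-device capability data.

```python
from dataclasses import dataclass

# Assumed action-severity order (higher = more severe); illustration only.
SEVERITY = {"none": 0, "drop_packet": 1, "drop_connection": 2, "close_client_and_server": 3}

# Constructed placeholder lookups: service object -> protocol, and
# attack object -> protocol of its default service binding.
SERVICE_PROTO = {"default": None, "http": "tcp", "dns-udp": "udp"}
ATTACK_PROTO = {"HTTP:SQL-INJ": "tcp", "DNS:OVERFLOW": "udp"}

@dataclass(frozen=True)
class Rule:
    src: str            # "any" or a network object name
    dst: str            # "any" or a network object name
    service: str        # "default" or a service object name
    attacks: tuple      # attack object names; empty tuple = no attacks
    action: str
    terminal: bool = False

def validate(rules):
    """Return (rule index, error) pairs for the checks described in Table 1."""
    errors, seen = [], set()
    for i, r in enumerate(rules):
        if r in seen:                        # Rule duplication: identical rule seen before
            errors.append((i, "Rule duplication"))
        seen.add(r)
        if r.src == "any" and r.dst == "any":
            if not r.attacks:                # any source, any destination, no attacks
                errors.append((i, "Any-Any-None rule"))
            elif len(r.attacks) == 1:        # any source, any destination, one attack
                errors.append((i, "Any-Any-One rule"))
        proto = SERVICE_PROTO.get(r.service)
        if proto is not None:                # Service is not Default: compare protocols
            for a in r.attacks:
                if ATTACK_PROTO.get(a) not in (None, proto):
                    errors.append((i, f"Protocol mismatch: {a}"))
        for j, earlier in enumerate(rules[:i]):   # Rule shadowing by an earlier rule
            if set(earlier.attacks) & set(r.attacks) and (
                earlier.terminal or SEVERITY[earlier.action] > SEVERITY[r.action]):
                errors.append((i, f"Rule shadowing by rule {j}"))
    return errors

# Constructed sample policy exercising each check.
RULES = (
    Rule("any", "any", "default", ("HTTP:SQL-INJ",), "drop_connection", terminal=True),
    Rule("any", "dmz-web", "default", ("HTTP:SQL-INJ",), "drop_packet"),  # shadowed by rule 0
    Rule("any", "any", "default", (), "none"),                            # Any-Any-None
    Rule("lan", "dns-srv", "dns-udp", ("HTTP:SQL-INJ",), "drop_packet"),  # protocol mismatch
    Rule("any", "dmz-web", "default", ("HTTP:SQL-INJ",), "drop_packet"),  # duplicate of rule 1
)
```

Calling validate(RULES) on the sample returns seven findings, one per problem annotated above plus the shadowing of rules 3 and 4 by the terminal rule 0; the shadowing check follows the table's definition and does not confirm that the two rules' match columns overlap.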

Solution


Published: 2010-01-12