Use the Firewall Rules page for the Network IPS appliance to order your firewall rules. The appliance reads the list from top to bottom in the order they are listed and applies configured actions.
When a connection matches a firewall rule, further processing for the connection stops, and the appliance ignores any additional firewall rules that you set.
The first rule allows all traffic to port 80 on host 1.2.3.4 to go to a web server as legitimate traffic. All other traffic on that network segment is dropped. If you reverse the rule order, all traffic to the segment is dropped, even the traffic to the web server on 1.2.3.4.