For Network IPS appliances, use protection domains to define security or user-defined policies for different network segments that are monitored by a single appliance. Protection domains act like virtual sensors, as though you had several appliances monitoring the network. You can define protection domains by interfaces, VLans, or IP addresses.
Each appliance has a global protection domain that cannot be deleted. All events are listed under the global protection domain. Use the global policy to configure events that are applied across all segments of the network. When the appliance uses the global policy, it handles events in the same way for all areas of your network.