About the block response

For Network IPS appliances, the block response is a default response that blocks attacks by dropping packets and sending resets to TCP connections.

The block response for an appliance differs depending on the operation mode:
Mode Action
Passive Monitoring Sends resets to block only TCP connections.
Note: You can disable resets by using tuning parameters, disabling the block response in security events, or by changing X-Force® default blocking to Never.
Inline Simulation Monitors network traffic and generates alerts but does not block the offending traffic
Inline Protection Blocks attacks by dropping packets and sending resets to TCP connections
The appliance mode is set when the appliance is installed. For information about changing the appliance mode, see Configuring security interfaces.