About protection domains

For Network IPS appliances, use protection domains to define security or user-defined policies for different network segments that are monitored by a single appliance. Protection domains act like virtual sensors, as though you had several appliances monitoring the network. You can define protection domains by interfaces, VLANs, or IP addresses.

Global protection domain

Each appliance has a global protection domain that cannot be deleted. All events are listed under the global protection domain. Use the global policy to configure events that are applied across all segments of the network. When the appliance uses the global policy, it handles events in the same way for all areas of your network.

If you want to configure policies for specific segments on your network, create protection domains for each segment.
Note: Always enable rules for flood and sweep events in the global protection domain. Flood and sweep attacks generally affect multiple targets that are potentially spread across protection domains. Enable these rules in the global protection domain to help ensure that these attacks are detected and reported correctly.
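
The following added example is a simplified model and is not the appliance's detection logic. It shows why the note above places flood and sweep rules in the global protection domain: a sweep counted separately in each domain can stay under the threshold that the same traffic exceeds when counted globally. The domain names, IP ranges, threshold, and events are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical protection domains defined by IP range (constructed values).
DOMAINS = {
    "dmz": ip_network("192.0.2.0/25"),
    "office": ip_network("192.0.2.128/25"),
    "servers": ip_network("198.51.100.0/24"),
}
SWEEP_THRESHOLD = 6  # assumed: distinct targets per source before alerting


def domain_for(dst):
    """Return the first domain whose range contains dst, else 'global'."""
    addr = ip_address(dst)
    for name, net in DOMAINS.items():
        if addr in net:
            return name
    return "global"


def sweep_alerts(events, per_domain):
    """Count distinct targets per source, scoped per domain or globally.

    Returns a sorted list of (scope, source) pairs that reach the threshold.
    """
    targets = defaultdict(set)
    for src, dst in events:
        scope = domain_for(dst) if per_domain else "global"
        targets[(scope, src)].add(dst)
    return sorted(k for k, v in targets.items() if len(v) >= SWEEP_THRESHOLD)


# Constructed sample: one source touches three hosts in each domain.
EVENTS = [("203.0.113.7", d) for d in (
    "192.0.2.10", "192.0.2.11", "192.0.2.12",
    "192.0.2.130", "192.0.2.131", "192.0.2.132",
    "198.51.100.5", "198.51.100.6", "198.51.100.7",
)]

if __name__ == "__main__":
    # Three targets per domain: no single domain reaches the threshold.
    print("per-domain:", sweep_alerts(EVENTS, per_domain=True))
    # Nine targets overall: the global count reports the sweep.
    print("global:    ", sweep_alerts(EVENTS, per_domain=False))
```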