Some signatures from our IPS are tuned to send a TCP Reset when triggered. When this happens, the PIX denies each and every one of the 200 TCP Reset packets (per instance) from the IPS device (reference error %PIX-6-106015 in syslog). Apparently, the PIX sees all of these resets as a "hijacked" session (rightfully so) and discards them. As this occurs, it seems the original traffic that the IPS intended to dissuade (by the use of the TCP Reset) still makes it to rest of the network/intended target. Any ideas on how to tell the PIX to allow these IPS TCP Resets to take place?