- Bronze, 100 points or more
The IPS 7.x docs state that with Reputation Filtering enabled "the sensor denies access to malicious hosts that are listed in the Global Correlation database." So I assume that means that even if no signatures are matched/triggered, the mere fact that the destination IP address is in the GC will drop the packet.
If so, does this happen silently, or is an event/alert created? If its silent, is the "ReputationFilterRuleMatch" stat from the "show stat analysis" command on the sensor the right place to look?