I have the M1250; it has been running fine in the inside network with custom policies. Now I am ready to add the DMZ server to the sensor. But what are the best practices for adding a DMZ to the sensor? Do I apply my custom policy to the DMZ or the default IPS policy? Or better yet, are there DMZ policies? Attached is the actual policy applied to the sensor.
Policies really depend on the applications you are hosting in your network. I would suggest you go with the default IPS policy and disable all the applications or protocols you are not hosting in that segment, but if you are terminating VPN in your DMZ, then I would suggest you use the default IPS policy, as this traffic may traverse to your internal network.