i have a confusion regarding IP-actions which stop future attacks with matching attributes...
why do i need to use it when the IDP policy itself stop the attack and record the target source address ???
IDP policy evaluation going through all rules is a quite time and CPU-cycle consuming task.
If the same attack ( same packet) comes in again and again, with IP-action the attack is stopped without further evaluation of the IDP rules.
( it is like a cached result you are using before evaluating the packet further)