Deleting SNORT Protection Rules from the Multi-Domain Server

To delete SNORT protection rules from the Multi-Domain Server:

Connect with SmartConsole to the Multi-Domain Server to the mds context.
From the left navigation panel, click Multi Domain > Domains.
Right-click on the Global Domain and select Collect to domain.
From the left navigation panel, click Security Policies.
Open the applicable global policy.
In the top section Threat Prevention, click Policy.
In the bottom section Threat Tools, click IPS Protections.
From the top toolbar, click Actions > Snort Protections > Delete all Snort protections.
Publish the session.
Close the SmartConsole connected to the Global Domain.
From the left navigation panel, click Multi Domain > Global Assignments.
Reassign the Global Policy to the Local Domains.
Connect with SmartConsole to the applicable Multi-Domain Server that manages the applicable Security Gateway or Security Cluster.
Install the Threat Prevention Policy on the applicable Security Gateway or Security Cluster.

Action on SNORT Protection Rules

The Security Gateway enforces SNORT protection rules based on the profile which is installed on the Security Gateway. For example, if the profile installed on the Security Gateway is Optimized, by default the Security Gateway does not enforce SNORT protection rules, because their performance impact is High and the allowed performance impact defined in the Optimized profile is Medium or lower.

To override the profile settings for a specific SNORT protection:

In IPS Protections, right-click a SNORT protection and select Edit.
Note - The SNORT protection names start with Snort imported.
Right-click the profile and select Edit.
In the Main Action area, select Override with.
From the drop-down menu, select the required action.
Click OK.
Click Close.
Publish the session.
Install the Threat Prevention Policy.

Note - The images here follow the example described above. If you are on a different profile, or want a different action, change steps 2 or 4 accordingly.