I started investigating why nothing was logged as an alert or blocked via IDS/IPS. When I went to check the "outside" adapter I found that there was NO IDS/IPS policy in place. What would you all recommend I start with on this? Is there a specific setting in the policy to prevent these kinds of attacks? I was thinking of starting with MEDIUM. I also set the notifications on the rule to tell me if there are 500 attempts made in a 5 minutes period. THANKS!