I have configured a firewall rule to block IP address 10.33.1.100 (example) for both inbound and outbound. So I think anything that goes from 10.33.1.100 should be blocked by all SEP clients. It is blocking as well, but clients show a message for Active Response intrusion prevention stating that IP address 10.33.1.100 has been blocked by SEP for 60 seconds.
Now my question is: while I have a firewall rule applied which states that all communications from 10.33.1.100 will be blocked by the firewall, why does this IPS message appear on clients?
Which one is the first line of defence, the firewall or the IPS?