I'm getting ready to enable a few critical performance IPS protections to satisfy some requirements from a vulnerability scan by our SOC. I only need to enable these protections for a couple of servers, so I was going to clone my existing Optimized profile that I'm currently using for all traffic and enable these necessary critical performance IPS protections on this new profile. I will apply this new cloned profile to those servers as the protected scope and place it above my existing rule.
My question is regarding the performance impact: by enabling these critical performance protections, does the pattern matcher for these critical signatures apply to ALL traffic entering the gateway, and then only the IPS protections are *enforced* per the new cloned profile I created?
Is only the traffic to/from those servers having the pattern matching applied, and therefore the scope of my potential performance impact significantly reduced?
Hope this makes sense...