With R80.10 IPS, the "Internal hosts only" option in the gateway settings is no longer there. I was told by an SE that Internal hosts only is now the default, and that to go back to protecting traffic in all directions with IPS requires some kind of workaround. Is that true? I had been thinking that in R80.10 all IPS traffic, inbound and outbound, was protected, and that to get to protect only internal hosts would require a rule in the Threat Prevention IPS policy. Can anyone give me some insight how this really works?