fail-close

■ fail-close—Enabling this ips command option will cause all traffic flows assigned to the
IPS policy to be dropped if for any reason the AIP-SSM fails. This is the recommended
setting, as it is the most secure of the two options.