I have the same question. We're looking at enabling IDS/IPS on our AutoVPN spoke MX's, but that has the adverse effect of bricking the vulnerability scans against clients/devices behind the spokes. The only exceptions I thought I saw were for particular rules, rather than particular IP's.
... View more
