The group policy is able to override AMP setting but not IDS / IPS. There is no exclusion of IDS / IPS for particular subnet or IP address is available at this moment. IDP / IPS works between LAN port and Internet ports, and also between VLANs (Subnets). Thus, the setting is enabled / disabled network-wide for detection / prevention to work for securing the entire network.
... View more