> russ wrote..
> >>BTW you could probably also write a custom IPS definition to catch
> >>some of
> >>these and then leverage the IPS priority structure to get it in and
> >>out of
> >>your protection profile, but that's getting a bit advanced. :-)

> Specially for me ,I spent m whole life writing ERP/CRM systems,
> This last statement seems like ancient Greek for me.
> Marcello

In the MR5 releases of 3.0, you can set up virtual domains. VDOMs can
be thought of as organizational groups in a company and separate
policies for each can be used. They all share the same global set of
IPS, virus and content definitions to save on memory, and you can add to
them and have them available in each VDOM. You can also assign
different admins to each VDOM if there is a need. This way you can
filter very effectively across multiple groups and allow different
access for each. It's a little confusing at first and needs some
polish, but should be very nice for the final release.