Difference between "Action" (IPS policy rules) & "Recommended Action" (IPS signatures)

Question

There is an action field found in both the IPS policy rules and the signatures that make up those rules. Both fields have similar options (few more on the Rules side) which, per the Web manual, appear to have identical functions. 
 What is the difference here? 
 For example, let's say I have a rule set to Drop the Session but all of the signatures in that rule are set to Allow the Packets - what would happen? 
 Does one take precedence over the other? If not, who wins?

FloSupport · Answer

Hey cyberzeus 
 The action field found in the IPS policy rule, is the global action taken for all of the selected IPS signature rules enabled within that individual IPS policy. Therefore if you were to select the global action Drop Session, the session will still be dropped even if the signatures contained within have a recommended action to Allow Packet. 
 I hope that was able to clarify your inquiry. Please share a screenshot of your IPS policy rule you have configured if you would like further clarification. 
 Regards, FloSupport | Community Support Engineer

FloSupport · Answer

Hey cyberzeus 
 You would create an IPS policy with a rule configured at the bottom that covers all of the signatures and set with the "recommended" action. You would then configure additional rules on top with the signatures selected that you would like to explicitly allow/deny/drop. A top-down approach would be taken in determining what action to perform on the traffic. 
 See my screenshot below: 
 I hope this clarifies your inquiry. Regards, FloSupport | Community Support Engineer

Mohammad Tomazih · Answer

Action 
 Select an action to be taken from the available options: 
 Available Options: 
 Recommended : This action means that you want the OS to handle this alert level according to best-fit recommendations. 
 Allow Packet : Allows the packet to its intended destination. 
 Drop Packet : Drops packets if it detects any traffic that matches the signature. 
 Disable : Disables the signature, if it detects any traffic that matches the signature. 
 Drop Session : Drops the entire session if detects any traffic that matches the signature. 
 Reset : Resets entire session if detects any traffic that matches the signature. 
 Bypass Session : Allows the entire session if detects any traffic that matches the signature