Hello,
I have enabled et telemetry version, enable all their rules, enabled suricata and ips mode on lan interface only watching the correct subnet.
However the behaviour is kind of strange, i was trying out the p2p ruleset with torrent and some of the traffic got blocked but in "alerts" tab it says action allowed, so i created a policy with these settings:
enabled: yes
rules: all the rules
action: alert
new action: drop
everything else is unchanged in the created policy.
After applying this policy it still says action "allowed" in alerts tab.
Thanks for help.
Well it appears i had to reset configuration and after applying policy once again it started to work