Jeff, I think you may be asking a question that has a moving target for an answer. Maybe your best bet is to log into a PAN appliance and look at the signature list to see what the signature's default settings are. Every sig has its own default action, which could be reset server, reset client, reset both, alert, drop, drop all packets. These default actions are assigned by the PAN threat team when the new signature is added to the threat database.
Checkpoint IPS is known to trigger a very high rate false positives, which can severely limit its effectiveness. While no vendor can guarantee zero false positives, I believe PAN does a much better job in this arena. In part because of the efficiency that AppID gives you when married to IPS, the ease of use, and also in the implementation of the IPS signatures by PAN's threat team.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!