When you create Traffic Management filters, you can modify the sequence in which they fire by selecting a filter and using the Move Up and Move Down buttons at the bottom of the screen. In general, more specific filters should come first. For example, a more specific IP filter might block traffic with fully qualified source and destination IP addresses and ports. More general ones, like those that apply to subnets, should follow.

Other filters inspect packets that match "allow" or "rate-limit" filters. In other words, the system does not allow attacks through because the packet matches an "allow" filter. You can also set the filters to trust traffic. Trusted filters instruct the IPS not to inspect the traffic, allowing the traffic to continue without comparing it with any other filter rules.