This is a normal message when a vulnerability scan is run against the management port. Vulnerability scans typically attempt to access the management port to retrieve a banner. The device responds with a false banner, resets the connection, then logs the event to the system log. Therefore, this can be correlated to either an approved vulnerability scan or non-approved nefarious discovery attempts. In other words, during a vulnerability scan, the IPS logs the connection attempts to the system log.
The SSH connection reset occurs when the device closes the SSH socket due to these failed connection attempts. If there is an unauthorized SSH scan, then you will need to locate the source and remove it. The IPS device will only log the attempt to indicate that it has performed a Connection Reset on the management port.