diff --git a/src/content/docs/magic-firewall/how-to/enable-ids.mdx b/src/content/docs/magic-firewall/how-to/enable-ids.mdx
index 7c4f4672fe7454..662c1ad3a149b7 100644
--- a/src/content/docs/magic-firewall/how-to/enable-ids.mdx
+++ b/src/content/docs/magic-firewall/how-to/enable-ids.mdx
@@ -78,6 +78,13 @@ Similarly, sending a patch request with the `enabled` field set to `true` will e
 
 </TabItem> </Tabs>
 
+## IDS rules
+
+IDS rules are run on a subset of packets. IDS also supports the current flows:
+
+- Magic Transit ingress traffic (when egress traffic is handled through direct server return).
+- Magic Transit ingress and egress traffic when Magic Transit has the [Egress option enabled](/reference-architecture/architectures/magic-transit/#magic-transit-with-egress-option-enabled).
+
 ## Next steps
 
-You must configure Logpush to log detected risks. Refer to [Configure a Logpush destination](/magic-firewall/how-to/use-logpush-with-ids/) for more information. Additionally, all traffic that is analyzed can be accessed via [network analytics](/analytics/network-analytics/). Refer to [GraphQL Analytics](/magic-firewall/tutorials/graphql-analytics/) to query the analytics data.
+You must configure Logpush to log detected risks. Refer to [Configure a Logpush destination](/magic-firewall/how-to/use-logpush-with-ids/) for more information. Additionally, all traffic that is analyzed can be accessed via [network analytics](/analytics/network-analytics/). Refer to [GraphQL Analytics](/magic-firewall/tutorials/graphql-analytics/) to query the analytics data.
\ No newline at end of file