Hey there.
Certainly make sure CSM is added as an allowed host.
CSM may also need to have a trusted HTTPS certificate to manage the device and download SDEE logs.
When you add the device to CSM inventory, right-click on it and view device properties. Go to the credentials tab. You will want to specify HTTP credentials that can log in to the device, as well as confirm tcp/443 (or tcp/80) can actually reach the IPS over your network - try to https:// in your browser directly to your 4402.
Make sure the device type also specifically says IPS. There is an authentication certificate thumbprint feature you may have to update.
Can you push policies? Did you import the license file within CSM for the device?