This stems from the desire not to fire off an alert for the Generic SQL HTTP Injection rule if the 'victim' is not an internal IP address, so if I'm barking up the wrong tree, feel free to redirect me.
I plan on using an Event filter such that the IPS does not alert for the above mentioned rule when the victim is a webserver outside my LAN. Reading posts over 2 years old here, the 'best' way was to do like 0.0.0.0-184.108.40.206,220.127.116.11-255.255.255.255 assuming I used all the 10.x space. I have many non-contigious ranges so this is shaping up to suck.
Is this still the case, or has cisco come up with a system variable that represents outside IPs. Can I create the inside range and make outside not equal to inside, etc? The documentation seems to be lacking in this area, any help would be appreciated. Thanks!