I've limited OS mapping and APR to a specific set of IPs (my inside network), but I still see outside IP addresses showing up in the list of learned OS. is this normal? I tried clearing out the learned OS list, but am still seeing the outside addresses populating.
I've seen this on 7.03(2)E4 and 7.0(3)E4 and on 3 different units (2 AIP-SSM20s and a 4240).
This is expected behavior - the setting restircts the calculation of the Attack Relevenacy Rating to the configured range, not the actual OS identification process.