What is the internal value of the Attack Relevancy Rating for the system with relevance=not-relevant? I do not see any difference for the system with relevance=unknown. In the attachment you will find the example of an attack. Is it OK or not?
- Not-Relevant: -10 for promiscuous mode and no change for inline mode.
From the above adjustments, the sensor is behaving as it is supposed to in your case. Since the risk ratings are the same for the system with not-relevant and unknown OS, it looks like your sensor is in inline mode.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...