I have a MARS20 configured to a IPS4240 placed between internet & LAN, and i want to stop my internal network to stop triggering the incidents and stop producing false positive; based on the assumption that my LAN is secure.
So I have created a drop rule to log to DB, source-192.168.0.0 255.255.0.0, remaining parameters as Any.
The rule is active, but i still get incidents w source from LAN.
am i missing something?
Cash