"External" addresses should be considered internal

[MichelB]

Ok I'm not quite getting this topology thing. Perhaps I didn't phrase my issue right, but I hope you get what I mean anyway.

We have 2 sites, both with a standalone 4200 appliance with Gaia 77.30 installed. These sites are connected through a EVPN (MPLS) setup.
Consider the following example:



The interfaces on both appliances that lead to the 172.16.1.0/24 network, are set to 'Internal' in both topologies, because, in my opinion, they shouldn't be considered external. Now, when I have traffic traveling from one of the internal networks on site A to an internal network on site B (192.168.1.1 to 10.0.1.1) or vice versa, the appliance considers this traffic from an external source, thus being processed by my IPS and Application/URL filtering blades. I don't want that.

I want my appliance on site A to realize that data coming from 10.0.1.1 is internal traffic, and the same goes for site B receiving traffic from 192.168.1.1.

How do I configure this?

[laf_c]

Did you try using Network Exceptions on IPS blade menu?

[MichelB]

Did you try using Network Exceptions on IPS blade menu?

I did not, because it's not just the IPS blade that's involved when traffic is considered internal <> external. For example, I have SIP traffic between the 2 sites and it's being processed by the Application/URL filtering blade, which I don't want.

I've failed to mention that the networks of site B are added to the interface group on the external interface on site A, and vice versa.



But I'm still seeing traffic coming from site A going to site B being processed by the Application/URL filtering blade.