Home_net/External Net question

[Seth Art <adidas30 () yahoo com>]

Background:

I have 2 firewalls, each monitoring 3 subnets.  

Subnets a, b, and c and VPN pool1 are going out/coming
in though firewall one.
Subnets d, e, and f and VPN pool2 are going out/coming
in though firewall two.

On my sensor inside of Firewall 1 HOME_NET is 
[a,b,c,vpnpool1]
On my sensor inside of Firewall 2 HOME_NET is
[d,e,f,vpnpool2]

EXTERNAL_NET on both are !$HOME_NET

I often get ICMP and other rules that trigger going
from either [a,b,c, vpnpool1] to d,e,f,vpnpool2] even
though they are both really my "home" network.

Here comes my question.  Should I keep everything the
way it is.   OR should I:

a) keep the home_nets the same but make a new variable
 called entire_home_net and include all 6 subnets and
both vpn pools and negate THAT for the external_net

b) add subnets a-f and both vpn pools to the home_net
var on each sensor (i don't think so) 

c) a third suggestion

Thanks,

Seth

=====
REPLY TO:     adidas3 () optonline net


        
                
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail 


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users