Can you verify the HOME_NET variable is not overridden inside the policy tree, and set to inherit your values down to the correlation engine?

How can I verify that the HOME_NET variable is not overridden? It was not set to inherit.

If you already have configurated your Local Network setting, so I recommend you to use the context instead of the variables as EXTERNAL OR INTERNAL_NET.

Examples of Context:
Context (In) [Internal to Internal]
Context (In) [Internal to External]
Context (In) [External to Internal]
Context (In) [External to External]

Answering your second question related to inherit, I believe that you are seeing the rule at Correlation Engine Level. If you want to change the overall setting, you should change this value at the root policy. (Local ESM/Physical Display)

But as I said, try to work with context instead, this setting will respect your Local Network setting.

Lucas

Just in case, have you configurated the Local Network Settings?

You can configure "home net" in 2 places, that is the variable in the policy editor and the Homenet called Local Network that is a "setting".

Any IP addresses into Local Networks is considered "internal".   This is used for many correlation rules context. 

To configure Local Network:

• Open the System Properties
• Select Network Settings and click Local Network -> Setup
• Enter the IP ranges that define your internal network.  Local Network is defined as a comma-separated list of IP addresses and/or IP ranges.  Click OK to save.

Lucas