SummaryThere are some cases were certain types of traffic - such as multicast traffic being sent to a public IP, where no explicit network objects are made for it and as such, inherit their network type.
OverviewTraffic being labelled as 'external' and 'internal' depend on the network objects in an Exinda appliance. There are three potential types of location that a network object can be specified as: Internal, External or Inherit. Inherited network objects will use other network objects with subnets that are supersets of the subnets contained in it. By default, there are 2 network objects on the Exinda: an 'ALL' network object containing 0.0.0.0/0 which is 'external' and a 'private net' network object which is set to inherit.
Typically, network objects are created specifically to be able to prioritize and make policies for certain IPs or subnets in a user's environment and those can be set individually to 'internal', 'external' or 'inherit'. In cases where there are no specific network objects that are made for specific IP addresses, they will attempt to be put into another network object that is the closest superset of it. For example, 192.168.3.0/24 would belong to the network object for 192.168.0.0/16 if there were no closer matches.
This means that occasionally, traffic going to IPs that are unexpected - such as multicast traffic, might be classified as external traffic when it is really coming from or being multicast to internal hosts, simply due to the fact that there is no specific network object set up for it and the closest superset to it is a network object that is external in nature. This type of situation can be avoided by ensuring that there is a specific network object for the traffic by navigating to Configuration > Objects > Network and editing or creating a new network object.