Hi,
I would like to drop all traffic to and from several IPs (prefer to have them in an address-set), what would be the easiest way to achive that?
I have looked into creating global policies but since that requires me to convert my addressbook to a global addressbook, I really prefer not to use that solution since the policy is to be deployed on several firewalls.
So, to make things clear. I have several IPs out on the internet that I want to drop all traffic to and from.
Like this:
src=any, dst=bad_IPs, action=deny
src=bad_IPs, src=any, action, deny
bad_IPs is an address set containing blacklisted IPs.
Does it make any sense?
Thanks in advance.