I have a policy like this:
security policies from-zone trust to-zone untrust policy trust-to-untrust-common
    match {
        source-address any;
        destination-address any;
        application any;
    }
    then {
        permit {
            application-services {
                application-firewall {
                    rule-set common-customers;
                }
            }
        }
    }
I want to exclude one destination IP. I tried to set:
address-book address source-nat-ip 1.1.1.1/32
.........
destination-address [ filter-exceptions source-nat-ip ];
But it breaks all traffic.
Where am I wrong?
Thanks!