How do I create an ACL that permits a range of addresses, as defined in a network/host object, but negates selected addresses within that range?
A. It is not possible to create a network object that includes a range but excludes certain addresses within that range. Instead, create two ACLs. The first ACL should define those addresses that you want to deny. You can create a network/host object for that purpose. The second ACL, which should immediately follow the first, should define the range of permitted addresses, as defined in the other network/host object.
Related Questions
- How do I create an firewall rule that permits a range of addresses, as defined in a network/host object, but negates selected addresses within that range?
- How do you select a chart object and create a dialog panel that permits editing of that objects properties?
- How to create a route object when the matching IP range is not allocated or assigned from the RIPE NCC?