When writing an Access Control rule, you want to keep it simple. Here are some tips for simplifying an Access Control rule:
- Use CIDR blocks rather than individual IP addresses whenever possible.
- Use port ranges rather than individual ports whenever possible.
- Use security zones whenever possible.
- Do not overspecify rules. Examples of non specific Access Control Rules:
- Having many individual IP addresses
- Using a large list of URLs
- Having unnecessary rules that could be combined into one with a broader criteria.
Important: When creating an Access Control policy, it is important to keep in mind that one Access Control may generate multiple expanded Access Control rules.