I have a question about creating a rulebase for my FWSMs. We have certain subnets behind a FWSM interface that need to have outbound http access restricted so that they can reach public IPs, but not most of the private ranges.
I come from a Checkpoint background where you did this by putting all your internal nets in a group and then 'negating' that group in the policy to represent public or 'non-internal' nets. Can I do this in ASDM or CSM without having to list all the public IP ranges?
Any ideas or suggestions?
Thanks!