Just a little note with something that caught me out ...
I was using dashboard.networks.updateNetworkGroupPolicy to update group policy L3 firewall rules from CSV files that come from other sources.
The API doesn't validate all invalid destinations and converts some of the cases to "any", which changes the intent of the firewall rule considerably (as opposed to just throwing an error).
For example, a destination with an asterisk in the middle, "test*.test.com", or a destination with a slash in it, "test.com/test" gets converted to "any".
I think I will change my validation to only allowing characters from a known valid set and checking for strings containing an asterisk that is not at the beginning.
It is hard trying to think of all the cases these users come up with!
