Group Policy applied to Template - Allow one IP from subnet
I was hoping to get some help to see if something I want to do is possible. I have a template that applies specific settings to 46 of my locations. I want to create a new group policy that says "Block all internal traffic EXCEPT one specific IP in each site". Do the group policy rules allow any variable when placed into templates? For example, one of my sites uses 172.21.99.0/24. Is it possible to have the group policy on the template level say "Allow access to 172.21.X.20" where X is the site subnet (99 in the example above)?
If you are in a greenfield scenario (networks and MXs haven't actually been deployed yet), you could accomplish this using the "Unique Subnetting" option in the template, which will then generate unique address ranges for each network based on the parameters you provide.
The other possible option would be to use the Dashboard API interface for Networks and Group Policy, which I would not recommend you do if this is your first attempt at using Dashboard APIs unless it's a greenfield as well.
Sadly, it is only the security appliances on site and they have already been deployed... Any other thoughts on how this may be possible? I would even be willing to say ANY IP of 172.21.*.20 if that makes it easier, but it didn't seem like the template would take anything but a CIDR.
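The per-site exception discussed in this thread, as an added example that is not part of any post and is not Meraki code: it derives the `.20` host for each site, builds an ordered allow-then-deny rule pair, and shows why `172.21.*.20` cannot be written as a single CIDR. It assumes every site is a /24 inside 172.21.0.0/16, first-match rule evaluation, and a default of allow when nothing matches; the rule field names and site list are illustrative, not the Dashboard API schema.

```python
import ipaddress

INTERNAL = ipaddress.ip_network("172.21.0.0/16")  # assumption: all sites live in this range
HOST_OCTET = 20                                   # the ".20" host from the thread

def allowed_host(site_subnet):
    """Return the single permitted host (as a /32) for one site's /24."""
    net = ipaddress.ip_network(site_subnet, strict=True)
    if net.version != 4 or net.prefixlen != 24 or not net.subnet_of(INTERNAL):
        raise ValueError(f"{site_subnet} is not a /24 inside {INTERNAL}")
    return ipaddress.ip_network(f"{net.network_address + HOST_OCTET}/32")

def site_rules(site_subnet):
    """Ordered rules: the narrow allow must precede the broad deny."""
    return [
        {"policy": "allow", "dest_cidr": str(allowed_host(site_subnet)),
         "comment": "per-site exception"},
        {"policy": "deny", "dest_cidr": str(INTERNAL),
         "comment": "block all other internal traffic"},
    ]

def evaluate(rules, dest_ip):
    """First-match evaluation; unmatched traffic is allowed (assumed default)."""
    ip = ipaddress.ip_address(dest_ip)
    for rule in rules:
        if ip in ipaddress.ip_network(rule["dest_cidr"]):
            return rule["policy"]
    return "allow"

def is_cidr_expressible(addr, mask):
    """A mask is usable as a CIDR only if its one-bits are contiguous."""
    try:
        ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample sites; only 172.21.99.0/24 appears in the thread.
    for subnet in ["172.21.99.0/24", "172.21.5.0/24"]:
        rules = site_rules(subnet)
        print(subnet, "->", rules[0]["dest_cidr"])
        for dest in ["172.21.99.20", "172.21.5.20", "172.21.99.21"]:
            print("   ", dest, evaluate(rules, dest))
    # 172.21.*.20 corresponds to mask 255.255.0.255, which has a gap in it.
    print(is_cidr_expressible("172.21.0.20", "255.255.0.255"))
```

Per-site rules are tighter than the wildcard form: each site reaches only its own `.20`, while a `172.21.*.20` match would also permit the `.20` host at every other site.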