If your goal is just prevent specific subnets / destinations from being reached, you might consider:
Security & SD-WAN > Configure > Firewall then add Layer 3 outbound rules to deny traffic to ?.?.?.?/14 (or certain IPs)
 
 
 
					
				
			
			
				
	If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.