In Security Appliance --> Configure --> Firewall you could add a layer 7 rule that denies any traffic from 220.127.116.11./16 to 0.0.0.0
You may need a rule before it that allows traffic from 18.104.22.168/16 to other subnets that have corporate servers if there are other subnets.
Traffic from a device in the 22.214.171.124/16 should be able to contact another device in the same subnet without being routed.
If the clients are not already in a group policy then you could put them in one that has custom network firewall and shaping rules with a firewall rule that denies any traffic to any. Or you could block by default and instead add the devices that are allowed on the internet into a group policy that allows internet traffic.
In Network wide --> Configure --> Group policy you add a group. In that group you give it a name, select Custom network firewall and shaping rules in the Firewall and traffic shaping section, then you add a firewall rule with a deny policy with any protocol to any destination. Save that. Then you go into Network wide --> Monitor --> Clients. Check the box on the clients you want to block from the internet and click on the policy drop down and select group and select the group you just made.
I have to provide internet on same subnet IPs.
If I understand you correctly, no problem
Using supernetting, you could, for example set up
both of which may be addressed using 192.168.2.0/23.
So 192.168.2.0/24 and 192.168.3.0/24 are part of the same supernet 192.168.2.0/23.
I have define a subnet 126.96.36.199/16 with VLAN 200 and assign this vlan to multiple ports. I want to restrict some users to do not browse internet but to access the corporate servers and data.
From a management point of view, the simplest thing to do is split the VLAN into 2 groups, one of which cannot access the internet and the other which can. Otherwise, if there is an identifying attribute you could use to sort the sheep from the goats you could apply a rule.
Or give the users with no internet access a DHCP server that only handles the corporate servers.