We have different networks in a same template with autovpn between them. We want to isolate a subnet in (VLAN10) so it can't communicate with RFC1918 addresses in the network BUT we want that all vlans10 in other networks can talk to each other. What is the best practice to do it?
Right now I have a firewall rule in the outbound layer 3 section that deny any traffic from vlan 10 to RFC1918 addresses. Is it enough or should I add deny rules in site-to-site outbound firewall as well?
