@jdsilva, Thanks for your help. So, if this is correct, I will then only do my L3 rules in the MX to prevent unwanted restrictions. I know that, in the MX firewall rules, the rules are applied in the order of appearance. With that in mind, if I'd like a specific subnet to have access to specific IP adress, but nothing else, what would be the proper rule? Can I do deny all, then allow only one IP address? Example: Allow 10.0.12.0/24 to 10.0.1.100/32 deny 10.0.12.0/24 to 10.0.1.0/24 Or would I have to create two deny rules: deny 10.0.12.0/24 to 10.0.1.0 to 10.0.1.99 deny 10.0.12.0/24 to 10.0.1.101 to 10.0.1.254 Or am I overthinking this? thx
... View more