Forum Discussion
Chris_Grant
Oct 05, 2017Employee
Are your users coming in from the global internet then, or are they coming from a specific intranet? You can still use the exclusions list, but it's more work.
Another option would be to duplicate your policy and have a transparent policy that is an exact match for your blocking policy, but is the default for the virtual server while the 10.10.10.0/24 network is sent to the blocking policy.
This would require you to be disciplined about changes, but would probably be the simplest way to handle this.