Create Identities from an IP list (like this) and enforce based on your rule base configuration. Using the Identity API will provide IP list updates without having to install policy each time an IP is added to the list. The created identities will be stored inside Access Role objects. The main use-cases for this is for IP black-listing / white-listing and is a great alternative to using fw sam.
- Identity Web API enabled on gateway (More on that HERE)
- Access Role Object in rule base and policy installed to gateway
Example Rule With Access Role Object
Running The Python Script
PDP Table (Identity Table) Entry On the Enforcing Gateway