There seems to be a bug in ESM where you can only add a /24 subnet address to a firewall ACL.

What I am trying to achieve is a limited ruleset so remote clients can get DHCP and DNS anywhere, connect to private IP ranges so they can authenticate against a local proxy (e.g. airport lounge public internet) and are then restricted to the IP address of our SSL VPN.

I want to add the range (and filter to local web traffic only); however, ESM Console returns an error when I try to add a range greater than /24.

I can add or or individually. (all 255 of them)

I also need to add in a rule for the private ranges and, but don't feel like adding them in individually along /24 boundaries, all 65,000+ of them.

Is there a plan to allow proper subnet rules under ACL lists?