Add New Object-Group Line in existing ACL - ASA

Fantas
Level 1

Hi,

I want to insert a new deny line under an existing ACL. I am using the steps below. Please confirm if I am missing any step.

1. Create object-group
object-group network TEST_SITES
description TEST_Sites
network-object <Test Site IP address>
network-object <Test Site IP Address>

2. Insert new ACL rule just as per below in the existing block ACL for access-list INTERNET_ACCESS

access-list INTERNET_ACCESS line 2 extended deny ip object-group TEST_SITES any

3. New ACL

access-list INTERNET_ACCESS extended deny ip object-group GREEN-Sites any
access-list INTERNET_ACCESS line 2 extended deny ip object-group TEST_SITES any
access-list INTERNET_ACCESS remark Inbound DNS Rule for Internet Server
access-list INTERNET_ACCESS extended permit udp any4 object-group RED_SITES eq domain

2 Replies

Murali
Level 1

While inserting a new ACL in your case, just use the existing line number of the other deny rule; it will push the old ACL to the n+1 line and you should be good.

Thanks
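
A small Python model of the behaviour discussed in this thread (an added example, not written by either poster and not ASA code): inserting with `line 2` shifts the existing entries down by one, while omitting `line` appends the entry after the DNS permit, where first-match evaluation lets DNS traffic from TEST_SITES through. The addresses, the `add_ace` and `evaluate` helpers, treating `any4` as `any`, and leaving out the remark line are assumptions made for illustration.

```python
import ipaddress

# Constructed sample addresses (documentation ranges); the post elides the real ones.
GROUPS = {
    "GREEN-Sites": ["192.0.2.0/24"],
    "TEST_SITES": ["198.51.100.10/32", "198.51.100.20/32"],
    "RED_SITES": ["203.0.113.53/32"],
    "any": ["0.0.0.0/0"],
}

def in_group(ip, group):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in GROUPS[group])

def add_ace(acl, ace, line=None):
    """Return a new ACL with ace at 1-based `line`; entries at or after that
    position move down by one. With no line, the entry is appended at the end."""
    pos = len(acl) if line is None else min(max(line, 1), len(acl) + 1) - 1
    return acl[:pos] + [ace] + acl[pos:]

def evaluate(acl, proto, src, dst, dport=None):
    """First match wins: return (action, line). No match means implicit deny."""
    for n, (action, p, s, d, port) in enumerate(acl, start=1):
        if p not in ("ip", proto):
            continue
        if port is not None and port != dport:
            continue
        if in_group(src, s) and in_group(dst, d):
            return action, n
    return "deny", None

# The existing ACL from the post (remark omitted), then the new entry.
BASE = [
    ("deny", "ip", "GREEN-Sites", "any", None),
    ("permit", "udp", "any", "RED_SITES", 53),
]
NEW = ("deny", "ip", "TEST_SITES", "any", None)

inserted = add_ace(BASE, NEW, line=2)   # as in step 2 of the post
appended = add_ace(BASE, NEW)           # same entry without "line 2"

if __name__ == "__main__":
    dns = ("udp", "198.51.100.10", "203.0.113.53", 53)
    print("with line 2:", evaluate(inserted, *dns))
    print("appended:   ", evaluate(appended, *dns))
```
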
