In cisco ASA firepower 6.
GroupA is a set of IP addresses , I want to block 2 URL categories and then the rest should be allowed. I have put a default last rule as deny all.
Now for this do I need to create 2 policies
Policy1 - Inside to Outside, GroupA to any, 2-URL-Categories, BLOCK
Policy1 - Inside to Outside, GroupA to any, ALLOW --->> Here because the URL categories were not called rest will be allowed.
In other vendor firewalls I have worked with URL Groups where I make a group and allow deny there only and then apply that or assocaite that group with any ACL. In Firepower it works a bit different I believe