Secure your network with a default deny policy. Use user-scoped access rules to create different access rules for employees, vendors, and contractors directly in the Web GUI.
Limit firewall rules to a range of IPs (CIDR) or a single port
Use IP and port-based access rules to enforce least privilege. Allow port 443 for employees to access a self-hosted web app and restrict port 22 for admins to access SSH.