As soon as an admin logs in, they become the associated user of this "server" traffic. Anything they may really be initiating gets lost. So it's a bit pointless.
That's why we exclude the server networks completely. All servers have specific firewall rules for exactly what they need without internet access. The logins on the servers are restricted to the users that really need to install/change something on the servers, so it isn't possible that an admin from team A connects to a server of team B. So at least in our case it makes more sense to exclude the networks instead of the users; just in case an admin somehow logs in on a device located in the client network, we will see this also in the firewall logs.
In most cases physical firewalls (with vsys enabled).
Are you asking about the access from the servers or the access to the servers? The second is also restricted with groups on the servers themselves to the people that need access.