Try using the source addresses 1.1.1.1/1 plus 128.1.1.1/1 to effectively cover all IP’s making it equivalent to ANY. You will have to create 2 rules per action.
Say for example you want to block ALL traffic from ANY going to subnet 192.168.115.1/23. You need these 4 rules, one pair for TCP and one pair for UDP
You would create the following rules:
Source | Port |Dest|Dest Port| Protocol| Action
1.1.1.1/1 | ANY | 10.115.199.1/23| ANY |TCP | DENY
128.1.1.1/1| ANY | 10.115.199.1/23| ANY |TCP | DENY
1.1.1.1/1 | ANY | 10.115.199.1/23| ANY |UDP | DENY
1.1.1.1/1 | ANY | 10.115.199.1/23| ANY |UDP | DENY
The L2/L3 rules would be like this:
SOURCE |DESTINATION |PROTOCOL | ACTION
1.1.1.1/1 | 10.115.199.1/23 |ICMP ANY | DENY
128.1.1.1/1 | 10.115.199.1/23 | ICMP ANY | DENY