We rescently had to add 100 firewall entries for p1*,webroot ect to our firewall.
wildcard firewall entrys are not recommend by most vendors due to stress put on the firewall resolving the incoming packets
a better dns architucture and amazon ip services would be better.
google dns for example
our symantec message labs services is something like cluster6.apac,symantecloud.com.