When building an IP Firewall Policy, is it possible to create a group of IP addresses? For example, I have 3 Active Directory Domain Controllers and I don't want to have to create 3 sets of the same rules.
You can accomplish this using Device Classification. But that assumes that you assign unique device classifers to three sets of access points and that each set of access points uses a very specfic domain controller. Device classification is quite useful if you ever want to build firewall policies by location.
However, for what you are looking to accomplish, I doubt device classifiers is what you want. So the simplier answer is that you can create a firewall rule for either an IP address, IP range, wildcards, IP network or use an IP object with device classification rules.