You can create a session ACL in the role for your users that allows UDP Ports 16384 to 32766 and then blocks traffic to
192.168.10.0/24
192.168.11.0/24
192.168.12.0/24
192.168.13.0/24
You can then allow traffic to whatever else your clients need to get to.
Why you would NOT do this however, is that it becomes very difficult to troubleshoot traffic issues if you have a long list of blocks and permits...