Need Help with Access Control Rule: Allow Group of IPs to Access Internet but Not LAN Systems
Hello,
I have a TL-R600VPN and I'm trying to configure an access control rule to allow a set of systems (192.168.1.5-192.168.1.10) to only be able to access the internet. This is essentially the equivalent of a Guest subnet.
I don't want those systems to see or interact with any other system on the LAN for those systems (ICMP, http, https, VNC, etc.).
I've been able to block ICMP in this fashion through testing, but when I try using the ALL protocol the same way, it doesn't work. VNC still works, for example.
In my mind, the most obvious config for the ACL seemed to be:
Policy = block
Service Type = All
Interface = all
Source = GuestRange
Destination = IPGROUP_LAN
Effective time = any
...but that's not working.
I have no other rules in place, so there isn't a concern with the ID (placing above or below another rule).
Can anyone tell me what I'm missing? Thanks!