Hi @trekpluto,

Routers see traffic that it routs between two networks. Lan to Lan traffic doesn't go through the router (same network) and thus no firewall rules would apply. The solution is to put the cameras in a separate VLAN and then you should be able to create the firewall rules you need.

  @D-C thanks, i get the lan part in its isolated segmented environment.

I see access control under firewall and want to restrict internet acccess to the cameras on its no internet access vlan, maybe create a "tunnel" where vlan30 (cameras) get access to limited internet, but i don't see those parameters in firewall as lan to wan is fully blocked but would like to do lan to lan but it doesn't give me options in source or destinaation to do this, only shows the names of my vlans.  

i tried to create static route for vlan30 (blocked vlan for cameras) but it doesn't show in firewall options (acccess control) again under source and destinations

any other preferences to i could use to create limited access for vlan30 without fully blocking it?

  @trekpluto 

you cannot use ip port group or ip groups on router lan to lan acl, to achieve this you must use switch acl,

  @MR.S Thank you. Will give that a try, looks very detailed

  @MR.S the web interface that i see for er605 is missing port statistics and rate control. Is there another interface that i should use? Don't see where inter vlan would be setup, any suggestions would be valuable

  @trekpluto 

Are you using the router in stand alone? Then I think it's acl lan to lan, but I don't know how to configure the router in stand alone. So then you almost just have to read the user manual for the router.