Unidirectional block + exception

Hey, I am experimenting with the Omada controller to try and achieve the following scenario:
- PERMIT traffic from Private -> Public
- DENY traffic from Public -> Private
- PERMIT traffic from Public -> 10.25.0.2 (host in Private, so this would be an exception to 2.)
From what I can gather, I cannot implement all those rules simultaneously. I can get bidirectional block + exception with Switch ACLs by using a PERMIT rule from Public to IP_GROUP[10.25.0.2], but this will block traffic **bidirectionally**.
Or I can get a unidirectional block by using Gateway ACLs; however, I cannot add an exception as the IP_GROUP functionality is not available in LAN-LAN rules, only LAN-WAN... Any workaround to this?

To achieve unidirectional VLAN access (points 1 & 2), you need an Omada gateway.
For detailed steps, please refer to User’s Application Scenario Ⅵ: Unidirectional VLAN access in Controller in the following faq:
How to set up Access Control of TP-Link Omada Router in Standalone and Controller
To achieve point 3, please refer to step 2-4 in the following post:
How to allow guest network to access specific device on the main network by configuring EAP ACL?
I think I have found a similar issue here: https://community.tp-link.com/en/business/forum/topic/672230
If so, any timeline on when it would be released? This seems like a pretty obviously lacking feature...
@Vincent-TP Thank you, but the goal is to achieve all of the conditions on the same 2 networks. As such, let's say there are two networks: Public (10.50.0.0) and Private (10.25.0.0) and one particular host in Private (10.25.0.2)
I want:
- PERMIT all unidirectional traffic from Private to Public
- DENY all unidirectional traffic from Public to Private, except for when destination IP is 10.25.0.2
If my current understanding is correct, this is not achievable with the current firmware, correct?
The reason for this is that currently:
- Switch ACLs are the go-to when one wants to allow a particular exception in a subnet block. This would work; however, the block is bidirectional.
- Gateway ACLs allow for unidirectional blocks (stateful), however, I cannot use IP_GROUPs in these ACLs (when doing LAN-LAN, IP_GROUPs are available in LAN-WAN, but that does not help me)
Vincent-TP wrote
To achieve unidirectional VLAN access (points 1 & 2), you need an Omada gateway.
For detailed steps, please refer to User’s Application Scenario Ⅵ: Unidirectional VLAN access in Controller in the following faq:
How to set up Access Control of TP-Link Omada Router in Standalone and Controller
To achieve point 3, please refer to step 2-4 in the following post:
How to allow guest network to access specific device on the main network by configuring EAP ACL?
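The whole disagreement in this thread comes down to how an ACL is evaluated, so here is a small model of the three behaviours being discussed. This is an added example, not Omada code and not anything from the posts above: the rule syntax, the three evaluation modes (a per-direction stateless ACL, a switch-style ACL that applies each rule in both directions as the original poster describes, and a stateful gateway ACL that tracks flows) and the /16 masks on the two networks are assumptions made for illustration. The sample packets are constructed. Run it and compare the verdicts: only the stateful mode permits Private-initiated replies, permits Public -> 10.25.0.2, and denies everything else from Public, which is the policy the original poster wants.

```python
"""Model of stateless, bidirectional (switch-ACL style) and stateful ACL evaluation.

Added example, not Omada code. Rule syntax and evaluation modes are simplified
abstractions; the /16 masks are an assumption (the thread only gives 10.25.0.0
and 10.50.0.0). Sample packets are constructed for the demonstration.
"""
import ipaddress
from dataclasses import dataclass

PRIVATE = ipaddress.ip_network("10.25.0.0/16")       # "Private" network (mask assumed)
PUBLIC = ipaddress.ip_network("10.50.0.0/16")        # "Public" network (mask assumed)
EXCEPTION_HOST = ipaddress.ip_network("10.25.0.2/32")  # host that Public may reach

# Ordered rule list, first match wins; anything unmatched is denied.
RULES = [
    ("permit", PUBLIC, EXCEPTION_HOST),   # the exception
    ("deny", PUBLIC, PRIVATE),            # block Public -> Private
    ("permit", PRIVATE, PUBLIC),          # allow Private -> Public
]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


def stateless_verdict(pkt):
    """Evaluate the packet in its own direction only (no flow memory)."""
    s, d = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for action, src_net, dst_net in RULES:
        if s in src_net and d in dst_net:
            return action
    return "deny"


def bidirectional_verdict(pkt):
    """Switch-ACL style as described in the thread: a rule matches in either direction."""
    s, d = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for action, a_net, b_net in RULES:
        if (s in a_net and d in b_net) or (s in b_net and d in a_net):
            return action
    return "deny"


class StatefulFilter:
    """Gateway-ACL style: a permitted flow is remembered so its return traffic passes."""

    def __init__(self):
        self.conntrack = set()   # 4-tuples of flows that were permitted on first packet

    def verdict(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.conntrack or rev in self.conntrack:
            return "permit"              # established flow, either direction
        v = stateless_verdict(pkt)       # new flow: consult the rule list
        if v == "permit":
            self.conntrack.add(fwd)
        return v


def evaluate(packets, mode):
    if mode == "stateless":
        return [stateless_verdict(p) for p in packets]
    if mode == "bidirectional":
        return [bidirectional_verdict(p) for p in packets]
    if mode == "stateful":
        f = StatefulFilter()
        return [f.verdict(p) for p in packets]
    raise ValueError(mode)


# Constructed traffic: a Private-initiated flow and its reply, a flow to the
# exception host and its reply, and a Public-initiated flow to another Private host.
FLOWS = [
    ("private->public", Packet("10.25.0.9", "10.50.0.7", 40000, 443)),
    ("public->private reply", Packet("10.50.0.7", "10.25.0.9", 443, 40000)),
    ("public->exception", Packet("10.50.0.7", "10.25.0.2", 40001, 22)),
    ("exception->public reply", Packet("10.25.0.2", "10.50.0.7", 22, 40001)),
    ("public->other private", Packet("10.50.0.7", "10.25.0.9", 40002, 22)),
]


def results(mode):
    """Map each labelled sample packet to its verdict under the given mode."""
    names = [n for n, _ in FLOWS]
    return dict(zip(names, evaluate([p for _, p in FLOWS], mode)))


if __name__ == "__main__":
    for mode in ("stateless", "bidirectional", "stateful"):
        print(mode, results(mode))
```

The stateless mode breaks the Private-initiated flow because the reply from Public is a packet in the blocked direction; the bidirectional mode goes further and blocks Private -> Public outright, which is the "bidirectional" behaviour the original poster saw with switch ACLs. Only the stateful evaluation, where the exception is a plain permit rule ahead of the deny, yields the intended policy; that is why the thread keeps coming back to the gateway, and why the missing piece is a host (IP group) match in the gateway's LAN-LAN rules rather than a different rule order.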
