ACL Rules
Hi,
I really do not understand how the ACL rules work.
I have 4 VLANS setup. 2 of them are Home and IoT.
I have a rule under Switch ACL which denies (all protocols) the IoT Network to the Home Network.
Under the IoT VLAN I have an Nvidia Shield with the Moonlight app (game streaming).
Under the Home VLAN I have my PC with the Sunshine app (game streaming).
Both devices are connected to the same switch: the PC to a port with the Home VLAN profile and the Shield to a port with the IoT VLAN profile.
If the rule is disabled I can establish a connection and all is working fine.
When the rule is enabled there is no connection, which is expected because Home can talk to the IoT Network, but IoT can't answer Home (that is how I understand this).
I have created 2 Profiles:
IP Port Group profile with all needed ports and the Shield IP subnet 192.168.0.43/32,
and a second profile, IP Group with IP subnet 192.168.20.10/32, which is my PC.
New Allow rule, placed above the Deny rule: Allow IP Port Group (Shield with specific ports) to IP Group (PC).
I still can't establish a connection, so I was thinking maybe I do not have all the ports included in the profile, so I opened the full range 0-65535, but still no luck.
I created a new profile, IP Group with the Shield IP address 192.168.0.43/32, and changed the ACL rule to Allow IP Group (Shield) to IP Group (PC), and it is working fine.
I do not understand why the rule IP Port Group to IP Group is not working.
I have another situation like that between my Home Assistant and my PC where IP Port Group to IP Group doesn't work.