I've followed https://community.ubnt.com/t5/UniFi-Routing-Switching/USG-How-to-block-internet-access-for-a-single-... and have a group for insecure devices that are blocked from the internet.I can tell they're blocked as I'll go to their apps and they wont show up, or my camera will stop sending out ios notifications.The only way I can get it to work is to put it at the very top of the LAN IN list:The rule is set up as:Before Predefined RulesDropNew, Established, RelatedSource - InsecureDevices GroupSource Port : AnyDestination: AnyDestination Port: Any If I move that rule to anywhere other than the very top, it stops working, as in I see traffic coming out from the insecure devices (but then my vpn access works)But with it in this configuration the LAN to insecure access is working. But any traffic from my VPN LAN (192.168.50.x) seems to fail to get to the insecure devices which are in my regular lan (192.168.10.x)I did try an explicit 192.168.50.x rule to InsecureGroup Accept. But that didn't seem to help either.
↧