Isolate single WiFi client using Guest Connect and/or Firewall on the AP?

I have a system with two networks, a trusted untagged LAN and a VLAN for untrusted devices. Unfortunately, it seems that UPnP doesn’t work on the VLAN (see UPnP port forwarders for VLan gateways).

One solution is to move the untrusted device (video game) onto the untagged network, allowing UPnP to function. But this of course violates my design of keeping untrusted devices on the VLAN.

I think I want to enable Guest Protect, but only for a single WiFi client? I’m running 8.1 beta on a Balance One, and managing 3 AP One Minis. But I don’t think that’s possible, if I’m understanding the instructions here: "guest protect" feature available on Balance 20, 30 LTE, One, 210 /310

Right below Guest Protect there is also a Firewall Settings option.

I guess I’m confused about how these two features interact. Is the Firewall a part of Guest Protect? Or completely separate?

