I have a MAX BR1 to setup with a high cost satellite on the WAN port.
Wile using Satellite, I would like to the block everything but specific local IPs or subnet in order for our crew connected to a secondary SSID to be able to access these IPs/subnet.
But as soon as we switch to 4G or Builtin WiFi WAN it let them go through.
have a look in the Outbound Policys.
Normal User VLAN Priority to 4G, second WiFi WAN
Special User VLAN Priority 4G and second WiFi WAN, third WAN1 (SAT)
Basicaly the admin who’s connected on LAN 1 and WiFi must have full access to the whole network.
Crew members connected to LAN 2 through access points or any switch connected must not have access to the Satellite connected to the WAN port, although they can access GSM (4G/5G) WAN.
Create a VLAN e.g. 111 for the Admins and a VLAN e.g. 222 for the Crew. Then you can easy use the Firewallroules to disable Crew members to the admin network.
The Admin Laptop is connected ofer WiFi not WiFi WAN I think, isn’t it?
So you can create a Admin WiFi SSID with VLAN 111 on it.
Yes Admin Laptop connected to WiFi, I meant by that he could use WiFi WAN as he will be close to the router.
This is a boat setup that will travel, there will be multiple external access points to cover each area.
When the Pepwave is set to 5G WAN or WiFi WAN in first priority, Crew should be able to use it.
The only they must not be able to use is the Satellite WAN.