Setting up two isolated VLANs?

I am working on setting up the MAX BR1 as a router for my RV to be able to work from anywhere. I like to put my work computer on a different network than my personal devices. I have created two VLANs (work is VLAN 10 on 172.16.0.0/24 and personal is VLAN 20 on 172.20.0.0/24) and APs for each.

How do I create firewall rules to make sure that VLAN 10 and 20 cannot see each other and so that VLAN 10 cannot access the Pepwave Web Admin?

Two ways to deny the inter-vlan traffic:

  1. Quick and easy: go to where you configure the VLANs and untick the “inter-vlan routing” option. However, this may not be ideal, as if you add another VLAN down the line you’d maybe need to enable it again, at which point you’d need a firewall rule anyway…

  2. Add a firewall rule that denies traffic between them. You do this under the “internal” firewall rules list, and you’d want something that looks like this. Consider enabling logging if you wanted, so that any denied attempts to send traffic between the two VLANs would appear in the system logs.

To stop vlan10 accessing the Peplink GUI, I’m not actually sure there is a button for this. I believe this has been asked for before, and although there are firewall rules available for traffic coming from WAN interfaces towards services on the Peplink like the GUI, SNMP, SSH etc., that obviously doesn’t help here.

You could try adding a rule to the internal list like above denying any traffic sourced from 172.16.0.0/24 towards 172.16.0.1 TCP:443 and see if that works for you?

2 Likes
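Added example, not part of the original posts and not Peplink code: a small offline model for sanity-checking the rule set discussed above before entering it in the router. The subnets and the 172.16.0.1 TCP:443 target come from the thread; the rule names, the first-match/default-allow evaluation, the probe flows, and the router's VLAN 20 address (172.20.0.1) are assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str             # hypothetical label, not a Peplink field
    src: str              # source CIDR
    dst: str              # destination CIDR
    proto: Optional[str]  # None matches any protocol
    port: Optional[int]   # None matches any destination port
    action: str           # "deny" or "allow"

# Constructed rule list modelled on the thread (both directions denied,
# plus the suggested GUI rule for the work VLAN).
RULES = [
    Rule("work-to-personal", "172.16.0.0/24", "172.20.0.0/24", None, None, "deny"),
    Rule("personal-to-work", "172.20.0.0/24", "172.16.0.0/24", None, None, "deny"),
    Rule("work-to-admin-gui", "172.16.0.0/24", "172.16.0.1/32", "tcp", 443, "deny"),
]

def evaluate(rules, src_ip, dst_ip, proto, port):
    """Return (action, rule name) of the first matching rule; default allow (assumed)."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for r in rules:
        if (src in ipaddress.ip_network(r.src)
                and dst in ipaddress.ip_network(r.dst)
                and r.proto in (None, proto)
                and r.port in (None, port)):
            return r.action, r.name
    return "allow", "default"

# Constructed probe flows: (src, dst, proto, port, expected action).
PROBES = [
    ("172.16.0.50", "172.20.0.50", "tcp", 445, "deny"),   # work -> personal host
    ("172.20.0.50", "172.16.0.50", "icmp", 0, "deny"),    # personal -> work host
    ("172.16.0.50", "172.16.0.1", "tcp", 443, "deny"),    # work -> admin GUI
    ("172.16.0.50", "172.20.0.1", "tcp", 443, "deny"),    # GUI via assumed VLAN 20 address
    ("172.16.0.50", "172.16.0.1", "udp", 53, "allow"),    # DNS to router (assumed) still works
    ("172.16.0.50", "8.8.8.8", "tcp", 443, "allow"),      # internet access unaffected
]

def audit(rules):
    """Return the probes whose modelled result differs from the expected action."""
    return [p for p in PROBES if evaluate(rules, *p[:4])[0] != p[4]]

if __name__ == "__main__":
    for p in PROBES:
        print(p[:4], "->", evaluate(RULES, *p[:4]))
    print("mismatches:", audit(RULES))
```

This checks the rule logic only, for example that a single one-direction deny leaves sessions started from the other VLAN open. Whether the device applies internal rules to traffic addressed to its own IP is what the answer suggests testing on the router itself.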