Hello @mbw,
To extend on @Michael234 guidance, there is two firewalls available
- between the WAN & LAN sides of the network
- between the VLANs
There is no ability to firewall on the same LAN/VLAN segment of the balance routers (and from my checks that includes the SD switch series), if you want to operate a firewall between the physical LAN ports, you will need to assign each of them to a separate VLAN and then setup suitable rules between the VLANs.
Have a look at this previous reply, it highlights six different threads on setting up VLANs, most of it is to do with InControl2 though there is some good information there.
You can also do this search within the forum “how to setup VLAN”.
Happy to Help,
Marcus 