This is kind of weird. I am running a Netgear Orbi mesh system in AP mode with OPNsense. The Orbis do not have VLAN functionality. The Orbis support a guest SSID for which I can set the IP range. I want to isolate the guest network from the rest of my network.
Assume my main network is 192.168.1.x/24 (set by OPNsense) and the guest is 192.168.2.x/24 (set by Orbi). Everything works fine, guest devices get to the internet and unfortunately can also access the main network. How do I block the guest IP range from LAN, but let it continue to get through WAN?
Necessity is the mother of invention!
Install a switch capable of vlans, replace the ap's with ones that can use vlans, or install more NICs in your FW and add vlans to them.
Or look at your APs and see if they are capable of some type of isolation (still not a complete fix).