Isolate Guest-Network Hosts

[aulin]

Hello,

I set up the guest network according to the instructions:
https://docs.opnsense.org/manual/how-tos/guestnet.html

But now i have a question to the firewall rule:
Block -> Interface Guestnet -> Source Guestnet net -> Destination Gestnet address

The access to the firewall GUI is blocked, but the clients in the Guestnet can talk to each other. How can i isolate them completely?

Thanks
aulin

[Gauss23]

That is nothing the OPNsense can do. The switch or access point needs a port/client isolation function (only traffic to upstream gateway is allowed). Unifi switches for example can do this.

[aulin]

Thank you for the information

[rudydevolder]

I thought this would work: (BUT NO)


Protocol   Source                    Destination             Description    
IPv4          V_GUESTS address   V_GUESTS address   Block access between clients

But turning on client isolation on my WiFi works  ;)

[chemlud]

I thought this would work: (BUT NO)


Protocol   Source                    Destination             Description    
IPv4          V_GUESTS address   V_GUESTS address   Block access between clients

But turning on client isolation on my WiFi works  ;)

Besides wifi-isolation there is no way to block traffic between clients within the same subnet/interface. The traffic simply doesn't go through your sense, clients talks to each other directly.