Firewall Rule

[inetjnky]

I have a firewall rule that's not working right and not sure why.

Protocol = IPv4+6 *
Source = CAM_INET_ALLOWED (Alias)
Port = *
Destination = |PrivateNetworks (Alias)
Port = *
Gateway = *
Schedule = *

CAM_INET_ALLOWED Alias is set to Type Host and has 3 internal IPs under contents.  It is Enabled.

The |PrivateNetworks alias is also enabled and used in several other VLANs, however the Source for every other VLAN is "(vlan name) net".

When I change the non-working rule to "IPCAM net" the IPs start talking to the internet, but so do all my cameras, and I am trying to isolate the cameras from talking to the internet and only allow a few devices on the vlan to actually talk to the internet.

[cookiemonster]

what are the contents of |PrivateNetworks alias and "IPCAM net" ?
What you would want is two rules in that interface where the cameras you want to isolate sit. One set to quick to block IN to destination * with source your alias of the cameras.
Then another rule below it to allow, to whatever destination you need; either to * or to another VLAN.
So the principle is to have a rule that blocks followed by one that allows. If they are reversed in order, the allow trumps and the traffic won't hit the block.
Can you revise your rules? Otherwise please show all rules on the relevant interface.