Is it possible to block guest/internet wifi from ping and http/https to Route10 IP address?

ccie3366 · May 16, 2026, 4:22am

I configure wifi guest users on 192.168.0.0/16 network.

and other internal users at 10.10.10.0/24

Wifi setting set to “Internet”. and its VLAN has isolation enabled. i even configured these 2 firewall rules (they appear as 1st and 2nd entry in the firewall rule tables) but wifi guest users still can ping and http/https to Route10 ip addresses - 192.168.11.1 or 10.10.10.1 (these are route10 IP addresses for its respective VLANs).

Is there a config step that I missed?

ebuckland81 · May 16, 2026, 5:51pm

Did you try disable the default allow all ping rule? Otherwise that may be letting that kind of traffic through. You may have to make sure any specific ping/icmp block is above that rule.