Z1 set with 192.168.210.0/24 for the LAN and 192.168.209.0/24 for the VPN
All Permanent clients have been assigned Static IPs to allow remote port forwarding and remote support.
Trying to isolate one PC on the INTRANET (LAN CLIENT) from seeing or interacting with any of the other Devices inside the 192.168.209-210 INTRANET
Currently using an AC1200 WiFi Router (Model R6120) with a static IP on the WAN (192.168.210.65) ... the PC plugged into the Netgear LAN basically has its own domain of 192.168.1.0-254 ... BUT ... it can still connect to any of the upstream IP's in the 209-210 network ... is there some way to restrict this IP access to the 209-210 network?
I tried to put the AC1200 in front of the Z1 and use the AC1200's DMZ feature but the Z1 features specifically the VPN failed to work in this configuration ... AC1200 by default, has VPN pass-thru enabled ... the Z1 VPN failed with DMZ on AND off.