I'd like to +1 this request and add that it would also be desirable to have granular control of access between VLANs via firewall rules (perhaps under the advanced settings menu?)

The default behavior seems to be to allow all VLANs to route between each other, which is unfortunate. There needs to be an ability to segment things like NVRs and Point of Sale servers into VLANs and only allow certain IP addresses to connect to them on certain ports.

Hey @Shad0w / @DarklightRanger 

I fully appreciate the need to start configuring firewall rules, and how to manage that on a per-VLAN basis.

We've made some changes, so I thought I would shoot you guys a note here on the community.

• We've moved VLAN creation to the Networks tab, and dubbed them wired networks
• When creating or modifying a wired network, there is a toggle for secure
  • A secure network has L3 firewall rules automatically created to deny all inter-VLAN traffic on the LAN, just allowing outbound (not inbound) connections only for the devices on that network. The idea here was to prevent a guest network user or some evil actor on the LAN from seeing a point-of-sale network, but still let these secure networks build VPN tunnels or otherwise secure outbound connections.

I'd love your feedback on this feature! As we continue to feel out the UI for firewall rules and how to manipulate them, we'll all start to see more granular controls come into play (for instance, controlling which VLANs can talk to each other, and a toggle for internet access to be disabled if required).