I have the below firewall rules. There exist a 192.168.33.0/24 network on a separate vlan. This network is only to be reached from 192.168.11.0/24, and should no be able to reach the Internet or anywhere else. While capturing packets on LAN, I still see packets to and replies from outside ip-addresses. No group policy applied to the network in question. What am I missing here?
I have tried to make a dedicated deny rule for source 192.168.33.0/24, and although the hit counter increments I still see outside packets when capturing.
![HGME-JHJ_1-1603185150689.png HGME-JHJ_1-1603185150689.png](https://community.meraki.com/t5/image/serverpage/image-id/15286i6986268A22B4F427/image-size/medium?v=v2&px=400)
![HGME-JHJ_0-1603185085387.png HGME-JHJ_0-1603185085387.png](https://community.meraki.com/t5/image/serverpage/image-id/15285i244FD61A0473B6D0/image-size/medium?v=v2&px=400)