My network is composed of LAN and Wifi network.
I have a Wifi network for guest and I want my WiFi Guest network can not see my LAN.
the wifi guest is configured with:
Client IP assignment NAT mode: Use Meraki DHCP
Layer 3 firewall rules from Wireless > Configure > Firewall & traffic shaping > Block IPs and port
# Policy Protocol Destination Port Comment Actions
1 Deny Any Any Any Block LAN
2 Deny Any 10.52.222.0/23 Any Network LAN
Layer 7 firewall rules from Wireless > Configure > Firewall & traffic shaping > Block applications and content categories
# Policy Application
1 Deny Remote IP range 10.52.222.0/23
Note: The segment 10.52.222.0/23 is mi netwok LAN.
Can you help !!!!!
Do you actually have clients on your guest SSID able to reach clients on your LAN right now? From the wireless firewall settings you've described I don't think guest clients should be able to see you LAN.
Policy - Deny
Protocol - Any
Destination - Local LAN
Port - Any
Comment - Wireless Clients accessing LAN
With the Firewall & traffic shaping rule (which is predefined above) and Meraki DHCP enabled on your WiFi wireless guests should not be able to ping or reach the LAN network.
All your other rules are not necessary.
Just to avoid confusion, wireless clients on your Guest are seen on the Network-Wide -> Clients page! But this does not mean they can see the LAN network.
Just put your computer on the guest and try to ping your local lan.