My network is composed of a LAN and a WiFi network.

I have a WiFi network for guests and I do not want my WiFi guest network to be able to see my LAN.


The WiFi guest network is configured with:


Client IP assignment  NAT mode: Use Meraki DHCP


Also with


Layer 3 firewall rules from Wireless > Configure > Firewall & traffic shaping > Block IPs and port


# Policy  Protocol  Destination        Port  Comment      Actions

1  Deny   Any           Any                     Any   Block LAN

2  Deny   Any    Any   Network LAN 


Also with


Layer 7 firewall rules from Wireless > Configure > Firewall & traffic shaping > Block applications and content categories


# Policy     Application 

1 Deny       Remote IP range


Note: The segment is my network LAN.


Can you help!!!!!








So guests can still access your LAN clients?

Do you actually have clients on your guest SSID able to reach clients on your LAN right now? From the wireless firewall settings you've described I don't think guest clients should be able to see your LAN.

By you having NAT and Meraki DHCP enabled, the guests aren't seeing your internal LAN. Guests can't even communicate with each other, by the way.

Correct, the guests should not see the LAN.

But you can see it and I do not want that to happen.

I do not know if I need to configure something else???
What can I do or change?
Policy - Deny

Protocol - Any

Destination - Local LAN

Port - Any

Comment - Wireless Clients accessing LAN


With the Firewall & traffic shaping rule (which is predefined above) and Meraki DHCP enabled on your WiFi, wireless guests should not be able to ping or reach the LAN network.


All your other rules are not necessary. 

Just to avoid confusion, wireless clients on your Guest are seen on the Network-Wide -> Clients page! But this does not mean they can see the LAN network.


Just put your computer on the guest and try to ping your local LAN.
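
Added example (not part of the thread and not Meraki's code): a small Python model of the guest SSID's layer 3 rules, showing that the single Deny / Local LAN rule from the reply above blocks the LAN on its own and that only a misordered rule undoes it. It assumes top-down first-match evaluation with a final default allow, and that "Local LAN" stands for the RFC 1918 private ranges; the probe addresses and the misordered rule are constructed.

```python
import ipaddress

# Assumption: the "Local LAN" destination covers the RFC 1918 private ranges.
LOCAL_LAN = [ipaddress.ip_network(n)
             for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def dest_matches(dest, ip):
    """dest is 'Any', 'Local LAN', or a CIDR string."""
    addr = ipaddress.ip_address(ip)
    if dest == "Any":
        return True
    if dest == "Local LAN":
        return any(addr in net for net in LOCAL_LAN)
    return addr in ipaddress.ip_network(dest)

def evaluate(rules, ip, port, proto="tcp"):
    """Return (policy, comment) of the first rule that matches, top-down."""
    for policy, rproto, dest, rport, comment in rules:
        if rproto not in ("Any", proto) or rport not in ("Any", port):
            continue
        if dest_matches(dest, ip):
            return policy, comment
    return "Allow", "default rule"  # assumption: implicit allow at the end

# The one rule from the reply: Policy, Protocol, Destination, Port, Comment.
GUEST_RULES = [("Deny", "Any", "Local LAN", "Any",
                "Wireless Clients accessing LAN")]

# Constructed counter-case: a broad allow placed above the deny shadows it.
SHADOWED = [("Allow", "Any", "Any", "Any", "constructed misordered rule")] \
           + GUEST_RULES

# Constructed probe destinations: three private, two public.
PROBES = ["192.168.1.10", "10.0.0.5", "172.16.4.1", "172.32.0.1", "8.8.8.8"]

def leaks(rules, probes=PROBES):
    """Private destinations a guest client could still reach."""
    return [ip for ip in probes
            if dest_matches("Local LAN", ip)
            and evaluate(rules, ip, 445)[0] == "Allow"]

if __name__ == "__main__":
    for name, rules in (("guest rules", GUEST_RULES), ("shadowed", SHADOWED)):
        print(name, "-> reachable private hosts:", leaks(rules))
```

An empty list for the guest rules matches what the ping test from a guest client should show; any address listed means a rule above the deny is letting LAN traffic through.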


