You’re over thinking it, if you want to block those two domains then just add them to the block list that should block them.   The documentation you read about whitelist, blocklist and why you can do it one way and not the other is to do with how rules are processed, in your case it’s not relevant if all you’re trying to do is block those two domains. Whitelists are processed first, and if there is a hit then the domain is allowed. If the domain isn’t listed in the whitelist then the blocklist is tested. When a domain is tested the subdomains are iteratively removed, thus if you whitelist a parent domain it will always hit the parent during testing, and never get tested against the child in the blocklist. Hope this makes a bit more sense now. ... View more

@EricM_WSC if you simply assign an port as access to the new VLAN on the switch nearest the Watchguard and another on the switch nearest the rest of that network, does that work.  No interface on the VLAN or any other config. ... View more

Just registered here to ask the same question.   My client has a user working remotely that needs to access a secondary VLAN. Can't for the life of me figure it out.... ... View more