How to connect to Sonos and GoogleTV on another VLAN?
I'm trying to get VLAN1 to talk to VLAN2, but it's not happening, aside from pinging each other.
More specifically:
On VLAN1 I have my home devices (desktops, laptops, smart phones, etc.), and on VLAN2 I have IoT devices (Sonos, cameras, vacuum machine, etc.).
I would like to talk to VLAN2 from VLAN1, and at the same time prevent VLAN2 from talking to VLAN1.
Since Sonos-devices and Spotify integration are made available through Bonjour Services, I tried to add them first:
* Profiles -> Bonjour Service -> Create New Bonjour Service
Service Name: Sonos
Service ID: _sonos._tcp.local
Service Name: Spotify
Service ID: _spotify-connect._tcp.local
Service Name: Google
Service ID: _googlecast._tcp.local
Service ID: _googlezone._tcp.local
Next, the services are broadcast across the network:
* Service -> mDNS -> Create New Rule
Name: "IoT to Home"
Device Type: Gateway (AP is not available)
Bonjour Service: All
Service Network: IoT (VLAN2)
Client Network: Home (VLAN1)
Lastly, I set up ACLs on the gateway:
* Network Security -> ACL -> Gateway ACL -> Create New Rule
Name: Home to IoT
Direction: LAN -> LAN
Policy: Permit
Protocols: All
Source -> Network -> Home (VLAN1)
Destination -> Network -> IoT (VLAN2)
* Network Security -> ACL -> Gateway ACL -> Create New Rule
Name: Deny IoT to Home
Direction: LAN -> LAN
Policy: Deny
Protocols: All
Source -> Network -> IoT (VLAN2)
Destination -> Network -> Home (VLAN1)
Currently I am able to ping my devices from VLAN1 to VLAN2, but I don't see their 'mdns' messages in Wireshark.
If I change to the VLAN2 network, Wireshark picks up a lot of them, but nothing while I'm on VLAN1.
Any suggestions on how to solve this issue?
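
As an added example (not part of the original post), this Python script sends one DNS-SD PTR query for the service IDs listed in the post and decodes any PTR answers, so the same check can be run from a host on VLAN1 and from a host on VLAN2 and the results compared. The function names, the 3-second timeout and the use of the host's default interface are assumptions of this example; it assumes nothing about how the gateway forwards mDNS.

```python
import socket
import struct
# Service IDs are copied from the post; all other names are assumptions of this example.
SERVICES = ["_sonos._tcp.local", "_spotify-connect._tcp.local",
            "_googlecast._tcp.local", "_googlezone._tcp.local"]
MDNS_ADDR, TYPE_PTR = ("224.0.0.251", 5353), 12

def encode_name(name):  # DNS wire format: length-prefixed labels, then a zero byte
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def build_query(services):  # header with qdcount=n, then one PTR/IN question each
    questions = b"".join(encode_name(s) + struct.pack("!HH", TYPE_PTR, 1) for s in services)
    return struct.pack("!6H", 0, 0, len(services), 0, 0, 0) + questions

def read_name(pkt, off, depth=0):  # returns (name, offset just past the name)
    labels = []
    while (n := pkt[off]):
        if n & 0xC0 == 0xC0:  # compression pointer to the rest of the name
            if depth > 16:
                raise ValueError("compression pointer loop")
            tail = read_name(pkt, ((n & 0x3F) << 8) | pkt[off + 1], depth + 1)[0]
            return ".".join(labels + [tail]), off + 2
        labels.append(pkt[off + 1:off + 1 + n].decode("utf-8", "replace"))
        off += 1 + n
    return ".".join(labels), off + 1

def parse_ptr_answers(pkt):  # [(service type, instance name)] for each PTR record
    qd, an, ns, ar = struct.unpack("!4H", pkt[4:12])
    off, found = 12, []
    for _ in range(qd):
        off = read_name(pkt, off)[1] + 4  # skip question name, type and class
    for _ in range(an + ns + ar):
        name, off = read_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == TYPE_PTR:
            found.append((name, read_name(pkt, off + 10)[0]))
        off += 10 + rdlen
    return found

def probe(timeout=3.0):  # multicast the query, collect answers until replies stop
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(SERVICES), MDNS_ADDR)
        seen = set()
        try:
            while True:
                data, peer = sock.recvfrom(9000)
                seen.update((peer[0],) + rec for rec in parse_ptr_answers(data))
        except socket.timeout:
            return sorted(seen)
```

Call `probe()` on a host in each VLAN; each returned tuple is (responder IP, service type, instance name).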