On the OMADA controller I have the default LAN, Lan for mobile devices and guest lan, in the following order:

Default: 172.16.20.1/24 - Gateway 172.16.20.1

Mobile: 192.168.10.1/24 - Gateway 192.168.10.1

Guest: 192.168.15.1/24 - Gateway 192.168.15.1

Controller: 172.16.20.150

I need to block access to the gateway's web interface for each LAN, I configured an ACL Rule Gateway, direction LAN-LAN, Deny All Protocols from Network: Mobile and Guest (for tests) Destination: Gateway Management Page, but all devices are blocked to access internet.

I tried other rule, on Switch ACL, polocy Deny All protocols, source Network: Mobile (for test) Destination: Ip Group and I created a Gateway IP UI e configurei 192.168.10.1/32, but the smartphones show connected to wifi, without Internet.

I would like to understand the correct way to block access to the gateway's web interface to apply in my cenario. Many smartphones like Samsung have a option "manage router" on wifi settings, and the omada controller is a snitch, it shows which IP of the controller is managing the router "Note: This Gateway is being managed by Omada Controller 172.16.20.150, so I must block web UI of the gateway on ALL VLANs