Hello community,

I need help configuring two completely isolated networks that can both access the internet. I've tried several configurations without success.

**My scenario:**

- **Main router**: TP-Link Archer AX72 connected directly to ISP

- **Secondary router**: TP-Link Archer AX53

- **ISP**: Provides a single public IP in bridge/transparent mode (doesn't act as router)

**Desired topology:**

```

ISP (bridge mode) → AX72 (192.168.1.x) → AX53 (192.168.2.x)

```

**Important constraints:**

1. **I cannot swap the routers** because the AX72 already has multiple port forwarding rules and other services configured that need direct access from the internet

2. The AX72 must remain as the main router handling PPPoE/DHCP connection with the ISP

**Objective:**

- Network A (AX72): 192.168.1.x - Main network with existing services

- Network B (AX53): 192.168.2.x - Secondary network completely isolated

- **Complete isolation**: Neither network should be able to "see" devices from the other

- Both networks must have full internet access

**What I've tried:**

- Connecting AX53's WAN port to AX72's LAN port

- Configuring different IP ranges on each router

- Enabling/disabling various security and firewall options

**Problems encountered:**

- Devices from network A can access devices from network B

- Can't find advanced firewall options to block traffic between subnets

- Isolation is not complete

**Specific questions:**

1. Do TP-Link Archer routers have firewall capabilities to block traffic between specific subnets?

2. Is there any specific configuration I should enable/disable to achieve complete isolation?

3. Is this possible with these models or do I need a router with more advanced capabilities?

**Additional technical information:**

- Updated firmware on both routers

- Current configuration: AX72 in router mode, AX53 in router mode (not AP)

- DHCP enabled on both routers with different ranges

I appreciate any guidance or experience you can share.

Best regards