I have a TL-R600VPN and I'm trying to configure an access control rule to allow a set of systems (192.168.1.5-220.127.116.11.10) to only be able to access the internet. This is essentially the equivalent of a Guest subnet.
I want to disallow everything on the LAN for those systems (ICMP, http, https, VNC, etc.).
I've been able to block ICMP in this fashion through testing, but when I try using the ALL protocol the same way, it doesn't work. VNC still works, for example.
The most obvious config for the ACL seemed to be:
Policy = block
Service Type = All
Interface = all
Source = <range listed above>
Destination = IPGROUP_LAN
Effective time = any
I have no other rules in place, so there is no concern with the ID (placing above or below another rule).
Can anyone tell me what I'm missing? Thanks!