My own network consists of a vlan dedicated for IoT devices like these smart plugs that's gated by a firewall. The setup went fine. The smart plug can connect to my wifi dedicated for IoT devices and happily does it thing (I am blocking all outbound tcp/443 requests to the internet so I am not enabling remote control). My homeassistant machine, which is on a different vlan, has no problem connecting to the smart plug and managing it by allowing tcp/9999 to it. My phone, when switched to a different wifi network at home, also can connect to the smart plug over tcp/9999 but after a minute, it drops off and greys out. I have to connect my phone into the same IoT wifi network again to restore access. As soon as I connect back to my other wifi network in my house, it again greys out after a minute or so.
Here's the kicker. My phone, when it can't connect to the smart plug, has no problem pinging the smart plug or seeing the port tcp/9999 open using nmap scanning. So clearly at tcp layer there is no problem but there's something else going on between phone app and plug. My homeassistant has no problems maintaining connectivity.
NOTE: FWIW I updated the firmware to 1.4 and issue is still there.
EDIT: Nevermind. After researching this some more, smart plugs and probably all of their products are wholly dependent on their management software hosted in AWS if you want to use a phone to manage it from a separate wifi. You can't use layer 3/route it internally to work. I'm guessing there's something layer 2 that the app does with the smart plugs.
I'm fine with just letting something else do it for me at home like HA, which works, and just use the phone for the initial setups.