QUESTION about WIFI setup

Hi folks,

because of limitations within IPv6, VLANs and clientless matching in firewall rules I have decided to move away from VLANs.

The requirement is seperate wifi networks for IoT, phones and printers.

I have been experimenting with WIFI SSIDs in seperate zone, doesn't seem to work.

I created a new SSID in seperate zone and assigned it an IP address from the current IoT DHCP. Then created a DHCP server using the same interface in a sub range of the IoT /24. Now that seems silly to me?

Next I tried to add my seperate zone SSID to firewall rules, but it is not selectable and I need to create a new network object with at address range to be able to use the new SSID as a source.

What have I missed? I don't believe I should be able to setup a configuration like this when I really want to isolate the new SSID from the other networks to improve security.

Ian