
Client isolation for wired DHCP clients in a specific subnet or interface

I am doing some testing to see if something like this is possible without having to set up firewall rules for each specific device. The devices will not be using wireless, which has the option of client isolation built in. What I want is to have one interface port dedicated to a specific subnet and attach a non-managed switch to it (so no VLAN support), have the UTM give out DHCP, and isolate each wired connection (basically each DHCP lease) just like the wireless can, and allow each client only access to the internet. I have someone who is wanting to set up an emergency business center where people or businesses can bring in their own devices and connect but not be able to cross-communicate with each other (for security reasons). Since this would be for revolving unknown devices, I don't want to have to set up a bunch of firewall rules for each possible/unknown device connection and don't want it to be an ongoing hassle for myself. It would seem that if the Wireless protection can easily do this with a click of a box that a wired connection would have the same ability, but I am not seeing this option. Any help or direction is appreciated!


