
Isolating networks in Sophos

Hello, I have been trying to isolate two networks.

Internal=192.168.0.0/24

Public=192.168.99.0/24

I have external DHCP server on 192.168.0.2

There are two scopes for those networks, which are combined into a superscope (from what I understood, VLAN is a better solution).

The problem is that I can't isolate these two networks.

I have tried to create a firewall rule to isolate the two networks, which was unsuccessful.

Also I have tried to prevent the public network from accessing the internal network by using the web proxy.

-----------------

After that I tried to create another network Public2=192.168.101.0/24 on a separate interface in Sophos (Sophos was acting as DHCP server).

And still I wasn't able to separate the two networks.

What bothers me most is that Sophos doesn't log the connections between the networks.

Any help would be greatly appreciated.



  • Hi and welcome to the UTM Community!

    Please show pictures of the relevant Interface definitions and of your firewall rules.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • By default, the firewall drops all traffic not explicitly allowed, so that Drop rule is unnecessary.  Actually, there is less information in a line from a logged, explicit drop than in a default drop line.

    See #2 in Rulz to understand why the Web Proxy captures the packets from "Public (Network)" before firewall rules are considered.

    If you're using Web Filtering in Transparent mode, add "Internal (Network)" to the Destination Skiplist on the 'Misc' tab of 'Filtering Options' and don't select 'Allow HTTP/S traffic for listed hosts/nets'.  If you have other entries in the Source and/or Destination Skiplist, you will need to make firewall rules to allow the desired traffic.

    You might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address. I also maintain a version in German, initially translated by fellow member hallowach when he and I did a major revision in 2013.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
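The processing order Bob describes (transparent proxy before firewall rules, Destination Skiplist, default drop), as an added example that is not code from the thread or from Sophos: a small Python model using the thread's two subnets. The ordering logic, host addresses and function names are assumptions made for illustration.

```python
import ipaddress

# Assumed model (not Sophos code) of the order Bob describes: transparent
# Web Filtering grabs HTTP/S from proxied networks before firewall rules run;
# a destination on the Destination Skiplist bypasses the proxy and is either
# auto-allowed ('Allow HTTP/S traffic for listed hosts/nets' set) or handed to
# the firewall rules, where anything not explicitly allowed is dropped.
INTERNAL = ipaddress.ip_network("192.168.0.0/24")   # from the thread
PUBLIC = ipaddress.ip_network("192.168.99.0/24")    # from the thread
WEB_PORTS = {80, 443}


def decide(src, dst, dport, proxied_nets, dst_skiplist, allow_listed, fw_rules):
    """Return (verdict, stage) for one TCP flow.

    fw_rules is an ordered list of (src_net, dst_net, action); first match wins.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dport in WEB_PORTS and any(src_ip in n for n in proxied_nets):
        if not any(dst_ip in n for n in dst_skiplist):
            # Proxy terminates the connection; firewall rules are never consulted.
            return "allow", "web proxy"
        if allow_listed:
            return "allow", "skiplist auto-allow"
    for src_net, dst_net, action in fw_rules:
        if src_ip in src_net and dst_ip in dst_net:
            return action, "firewall rule"
    # An explicit Drop rule here would only duplicate this default.
    return "drop", "default drop"


def public_to_internal_http(skip_internal, allow_listed, fw_rules=()):
    """Constructed case: a Public host browsing to an Internal web server."""
    return decide("192.168.99.20", "192.168.0.10", 80,
                  proxied_nets=[PUBLIC],
                  dst_skiplist=[INTERNAL] if skip_internal else [],
                  allow_listed=allow_listed, fw_rules=list(fw_rules))


if __name__ == "__main__":
    for skip, allow in [(False, False), (True, True), (True, False)]:
        verdict, stage = public_to_internal_http(skip, allow)
        print(f"skiplist={skip!s:5} allow_listed={allow!s:5} -> {verdict} ({stage})")
```

Only the third configuration (Internal on the skiplist, checkbox unset) lets the default drop isolate Public from Internal web servers, which is the setting Bob recommends.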