Allow any service vom particular network? Currently ends in default drop

Question

Dear all 
 I have created a new network "IoT". It should become the home for all devices I don't trust in my network. Such as playstation, weather station, radio... 
 I would like to allow all outbound traffic from that particular IoT network. But currently all outbound traffic runs into a default drop on the firewall log. 
 The blocking happens with firewall rule #1 "IoT (Network) -> any -> External (Network). However, If I set: The blocking happens with firewall rule #1 "IoT (Network) -> any -> Any, it is working. 
 Of course, if I set the allowed destination network to "Any Network", I have traffic in my regular network. This I would like to avoid. 
 Could somebody help me with it?

Kind regards 
 Novice

BAlfson · Accepted Answer

You want the traffic selector to be ' IoT (Network) -> any -> Internet IPv4 '. The 'External (Network)' object includes very little - hover over it with your mouse and you will see. 
 Yes, ping is special. Refer to #2 in Rulz . 
 Cheers - Bob

Ol Deda · Answer

To clear something: 
 Rule 1 should not exist, no traffic is going to External Wan but through. 
 I dont get the question very clear. Anyway if you want traffic from one network and not from other, you should define different networks ranges. Example (1) 192.168.2.0/24 (2) 192.168.3.0/24. In this case an extra interface or VLAN is required. 
 But lets not complicate the things. 
 Define those devices as hosts with IP Addresses an maybe create a group "lot" with those hosts 
 One Rule in the top for the Group "lot" should be sufficent