<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="https://community.sophos.com/cfs-file/__key/system/syndication/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/"><channel><title>Deny access between two networks on one interface</title><link>https://community.sophos.com/utm-firewall/f/network-protection-firewall-nat-qos-ips/135396/deny-access-between-to-networks-on-one-interface</link><description>Hi. We have a Sophos SG 310 UTM. We have internal networks 192.168.0.0/23 and 192.168.4.0/24 on one of the interfaces. When I try to connect to the wifi router, which is in 192.168.4.0/24, via the web interface (example: https://192.168.4.2) from network 192.168.0.0/23</description><dc:language>en-US</dc:language><generator>Telligent Community 12</generator><item><title>RE: Deny access between two networks on one interface</title><link>https://community.sophos.com/thread/500463?ContentTypeID=1</link><pubDate>Thu, 14 Jul 2022 07:59:54 GMT</pubDate><guid isPermaLink="false">4be5eb7d-caa4-4ff5-8e60-8f9463545a35:69ac7149-73dc-4d3c-8ee7-475be145597d</guid><dc:creator>Vivek Jagad</dc:creator><description>&lt;p&gt;Hello &lt;a href="/members/besik-chitidze"&gt;Besik Chitidze&lt;/a&gt;,&lt;br /&gt;&lt;br /&gt;Thank you for reaching out to the community. Firewall rules work in a top-to-bottom fashion; if the traffic for both subnets does reach the FW, i.e. [&lt;span&gt;192.168.0.0/23 to 192.168.4.0/24], then you may create a FW rule with both subnets in source and destination with the action drop/reject, and then create another rule on top of that rule for [192.168.0.3] with the action allow.&amp;nbsp;&lt;/span&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item></channel></rss>