mjp66 / Ubiquiti

Devices on WiFi IoT segment cannot communicate with each other #23

Closed DCHuber closed 6 years ago

DCHuber commented 6 years ago

First - thanks for the great guide. I have wanted to set something like this up for a long time and the SecurityNow plug for your document shoved me off the fence.

I've configured my setup nearly identical to your guide, with the exception that I added a second UAC-AP-LR on the eth2 rather than configure a wired second network. Everything related to that is working great.

The issue I'm having is that I need to have the devices connected on my WiFi IoT network be able to communicate with each other. I tried editing the Firewall rules related to that segment but nothing I did seems to matter. While I can connect to the internet from the devices, and access them from my Home Network, they cannot ping or resolve each other on the segment.

My use case is that I have a simple web cam running on a Raspberry Pi that I would like to have publicly available via a second server running IIS. I also have some work-related systems that communicate with various sensors I've got running throughout my environment. I need to be able to aggregate the data on those devices to a central host.

I hope I've explained the issue well enough, and thanks again for putting together this guide.

mjp66 commented 6 years ago

It is likely the guest policy setting of / for the Access Point. This seems similar to Issue #9. If you disable the guest checkbox, you may need to add more firewall rules to the ER-X to maintain isolation.

DCHuber commented 6 years ago

Thank you - that was the issue. I should have spent a bit more time reading the issues here before posting. I will test to see if there are any additional firewall rules that need to be applied.