I have a ZD 1100 (FW 9.4) installed in a flat 172.30.1.0/16 network (no VLAN, no Layer 3 device). The default gateway for this network is a firewall (one internal interface in the 172.30.1.0 network, one external interface to the Internet).
The ZD has two wireless networks configured, one for internal users, one for guest users. Guest users can log in and access the Internet without a problem.
The problem is that users who are connected to the guest network can also access resources on the internal 172.30.1.0 network although the ACL should prevent this.
I have read the user manual and it states that there are 3 ACL rules for the private networks which will always be active and which will be enforced on the ZD and on the AP. I can see these ACLs in the configuration and they are set to deny.
My question is: Why can a guest user access a server in the 172.30.1.0 network and how do I prevent this from happening? Will I need to create a separate VLAN for the guests or can there be a misconfiguration?