UAG 5100 separating the LAN

Hello Support team,
I am going to use the UAG5100 for my hotel. I have an extra gateway for my UAG. So I set the WAN port as an ethernal (that works well), the Lan1 for my management LAN, and Lan2 for the guests. I hope this is the correct way to do so.
lan1 has the private IP address ( without DHCP. It is only to manage the UAG.
lan2 has the private IP for guests.
dmz isn't in use at the moment.
It works well, the guest PC (test in my office) gets the right IP ( and forces me to enter the code. Well done. But I can still connect to my mgmt lan1 and to all my devices (switches, APs and router). I do have to set some rules to prohibit this, but I don't know how.

  Zyxel_Charlie
    You can create the profile as below on security policy to fulfill your scenario.
    The rule should be configured: From: Lan1 to Lan2, Action: deny; and From: Lan2 to Lan1, Action: deny.
  Eddwood
    Thanks Charlie for the answer. I will try that.

  Eddwood
    Any ideas? I still can't use it.
    I figured out that the internet connection is not on WAN, but it uses the Lan1 port. So I have more problems. Any admins here to help me out to fix my problems?
  Eddwood
    OK, it works. Thanks Charlie.
    Next question.
    I would like to use a gateway for wan1. Not for lan1. Lan1 is only for managing the USG. In lan1, however, there is also a router that is on the Internet. My UAG is currently not getting the gateway from wan1 but from lan1. Can I change that?

