The idea is a very basic task in every company. You have two wifi’s, one for employees and one for guests.
The guest wifi is not supposed to access internal resources.
Setup
At first you go to Wireless > SSID.
Here you select your guest wifi (or add one) and select edit Settings.
Alternativley, if you already configured a guest wifi, you can go to Wireless > Access Control.
Here you select the correct SSID, decide if users should be redirected to a Splash Page when connecting to this wifi and then select NAT mode. This setting isolates the client in a separate network and blocks communication between each of the connected devices.
After that you save the canges BEFORE clicking on SSID firewall settings.
The correct ID should already be selected. Change the already existing firewall rule commented “Wireless clients accessing LAN” to Deny.
Now Clients connected to that wifi should not be able to reach resources from the LAN anymore.
Cheers, Ori