I have 2 questions about how to accomplish something with the firewall rules. The first is about the VPN. I created an address object using the MAC address of a laptop. I then created a rule in zone VPN > LAN Deny All. Above that, I put a rule that says allow Any service from "MAC address object" to ANY. With the deny all rule enabled, the laptop cannot access anything when connected to the VPN; with the deny all rule disabled, it works fine. I have verified the MAC address is correct. My goal is to stop anyone besides that laptop from accessing the LAN if they somehow logged into the VPN.
The 2nd question is: I have my main LAN on X0 and I have a server with 3 local IPs on X3 that all have static routes set up. They are on the same subnet as X0. I need to disable any kind of access between X0 and X3 internally. Can I create a firewall rule from LAN > LAN saying deny all?