OPNsense firewall on bridge, how to isolate clients

openaspace

Hello.
I run an OPNsense firewall with a public IP on the WAN (vmbr0) and a virtual Proxmox network bridge, 192.168.30.0/24, on vmbr1 assigned to OPNsense (...30.1).

How can I isolate some VPS from others inside the virtual LAN?

Do I need to create, for example, another virtual LAN IP/class like 10.0.0.0/24, with the OPNsense gateway for DHCP clients on 10.0.0.1, and set a firewall rule to prevent access between the LANs?

Am I wrong?

Can I do something on the Proxmox side? (Considering that it is OPNsense that manages the clients behind the WAN?)
 
Hello,

Well, you can create another bridge, vmbr2, for the 10.0.0.0/24 subnet and give your OPNsense firewall another interface connected to vmbr2. Then the only connection between the 10.0.0.0 and the 192.168.30.0 subnet is through your OPNsense, where you can configure everything needed.

Kind regards,
Benedikt
 
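The reply above relies on OPNsense being the only connection between the two subnets. The following check is an added example, not part of the thread or of Proxmox: it reads a Proxmox `/etc/network/interfaces` and flags anything on the host side that would give an internal bridge a path other than the firewall VM. The sample file, the `eno1` port name, the `10.0.0.254` host address and the function names are constructed for illustration, and treating a physical port or a host address on an internal bridge as a finding is this example's assumption.

```python
# Constructed sample of a Proxmox /etc/network/interfaces (not from the thread).
SAMPLE = """\
auto vmbr0
iface vmbr0 inet manual
    bridge-ports eno1

auto vmbr1
iface vmbr1 inet manual
    bridge-ports none

auto vmbr2
iface vmbr2 inet static
    address 10.0.0.254/24
    bridge-ports none
"""

def parse_bridges(text):
    """Return {name: {option: value}} for each 'iface vmbrN' stanza."""
    bridges, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "iface":
            current = bridges.setdefault(words[1], {}) if words[1].startswith("vmbr") else None
        elif words[0] in ("auto", "allow-hotplug", "source"):
            current = None
        elif current is not None:
            # ifupdown accepts both bridge_ports and bridge-ports; normalise.
            current[words[0].replace("_", "-")] = " ".join(words[1:])
    return bridges

def audit_internal(text, internal):
    """Report settings that give an internal bridge a path around the firewall VM."""
    bridges, findings = parse_bridges(text), []
    for name in internal:
        opts = bridges.get(name)
        if opts is None:
            findings.append(f"{name}: bridge not defined")
            continue
        ports = opts.get("bridge-ports", "none")
        if ports != "none":
            findings.append(f"{name}: bridged to physical port(s) {ports}")
        if "address" in opts:
            findings.append(f"{name}: host holds address {opts['address']}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_internal(SAMPLE, ["vmbr1", "vmbr2"])))
```

In the sample, vmbr1 passes and vmbr2 is flagged because the host itself holds an address in 10.0.0.0/24, so VMs on that bridge can reach the host without passing through OPNsense.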