Hi, you can isolate IoT devices to DMZ and create special rules for each
direction. For example: IoT to WAN open Internet access (NAT all
ports/services) + DNS, IPS profiles. LAN to IoT permit route only
HTTP/HTTPS (for most devices is enough) + IPS ...