Yes, the internal LAN is being routed on the firewall. It is a very simple class C (192.168.0.x).
No VLANs at this time, no subinterfaces.
Also, I just want to confirm that this will just restrict access out to the internet. I still want internal hosts to be able to reach this IP, and I want to be able to access it with a VPN session running from the outside.
Re: Command(s) to block internet access to LAN host
Honestly, you may just want to create a separate nameif/interface and IP network for this host. That way you can just use an ACL to block everything aside from internal connections to/from that host on the specific nameif.
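A sketch of the separate-nameif approach suggested above, added here as an example and not taken from any poster's configuration. The physical interface, the nameif `restricted`, the ACL name, the 192.168.10.0/24 network, the host address and the 10.99.0.0/24 VPN client pool are all assumptions; only 192.168.0.0/24 comes from the thread.

```cisco
! Constructed example for a Cisco ASA. All names and addresses except
! 192.168.0.0/24 (the existing inside LAN) are assumed for illustration.
!
! Dedicated interface and IP network for the host that must not reach the internet
interface GigabitEthernet0/2
 nameif restricted
 security-level 50
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
! Traffic initiated BY the restricted host (assumed 192.168.10.10):
! allow it toward the inside LAN and toward VPN clients, drop and log the rest.
access-list RESTRICTED_IN extended permit ip host 192.168.10.10 192.168.0.0 255.255.255.0
access-list RESTRICTED_IN extended permit ip host 192.168.10.10 10.99.0.0 255.255.255.0
access-list RESTRICTED_IN extended deny ip any any log
access-group RESTRICTED_IN in interface restricted
!
! Connections initiated from inside (security-level 100) toward the
! restricted interface (50) are allowed by default unless an ACL applied
! on the inside interface says otherwise; return traffic is handled statefully.
!
! Checks after applying:
!   hit counts on the deny line show blocked outbound attempts
show access-list RESTRICTED_IN
!   simulate the host reaching an internet address (203.0.113.10 is a
!   documentation address); the expected result is a drop by RESTRICTED_IN
packet-tracer input restricted tcp 192.168.10.10 12345 203.0.113.10 443
```

No NAT rule is defined for the `restricted` interface in this sketch, so the host also has no translation toward the outside; VPN access additionally depends on how the existing VPN and NAT exemption are configured, which the thread does not show.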
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...