Guest Network to Private

Alas, what you want cannot be done.   The first generation of Netgear Orbi (WiFi5) provided an option for devices on the Guest WiFi network to communicate with devices on the primary network:

When the AX (WiFi6) product line was introduced, that option was removed, and has never been provided since.

 

Originally, one could imagine two reasons to have a Guest WiFi.

• So that "guests" could be told a WiFi password which could be changed at will. (maybe when they leave)  With it being different from the primary WiFi password, changing the Guest WiFi password would not affect any permanent devices on the primary network.
• To set up a network that is separate from the primary network, so that devices on the Guest network cannot "snoop" on the primary network.

The WiFi5 firmware allowed the user to decide what was important (and what was not).

 

If you want people to access that AVR, you have to tell them the primary network WiFi password.

 

One might imagine that NAT Hairpinning (also called NAT Loopback) would provide a workaround.

https://en.wikipedia.org/wiki/Network_address_translation#NAT_hairpinning

 

All Netgear routers support NAT Hairpinning.  When a device on the primary network attempts to connect to the public IP of the router and the appropriate port is forwarded to a specific local IP address, the connection will "loop back" at the router.  It might be worth a few minutes to confirm:

• That a device on the primary network can use the public IP of the router (and the appropriate port number) to connect to the AVR, and
• Then attempt the same thing with a device on the Guest WiFi network.

This is correct.  One could limit the vulnerability by forwarding the port only while guests are present.  The purpose of the proposal was to investigate whether devices on the Guest WiFi network have the same ability to use NAT Loopback as devices on the primary network.  If devices on the Guest WiFi network are not able to use NAT Loopback, that would seem to indicate that there is NO method to allow guests to access a resource on the primary network - none.

 

I find Netgear's change in Guest network options disappointing.  There can be all sorts of occasions when one might want temporary users (i.e. "guests") to have access to a local resource, such as a printer, file server, game server, etc. and be uncomfortable sharing the primary WiFi SSID with them.  With the WiFi5 feature, it is almost trivial to enable Guest access shortly before they arrive and disable it after they leave. (either enable/disable the feature, or enable/disable Guest WiFi entirely)