You may create another VLAN, let say for example VLAN130. You may set the server on VLAN110 and the members of VLAN120 (that needs access to the server) as members of VLAN130.
Another is, if ever the server has 2 ethernet ports, you may connect the first ethernet port to VLAN 110 then connect the second ethernet port to VLAN 120.
I have assumed that you are using a switch because my answer is applicable if you are using a switch. Sorry for I have assumed. 😞 I should have asked you this first: what NETGEAR device/model are you using?
With DaneA's suggestion, the interVLAN connection is not anymore necessary. All changes will be made on the switches, all you need to do is to add another VLAN (example mention VLAN130) once done add the server as a member of VLAN130 along with the other device(s) that needs access to the switch. This will let the devices talk to the server without letting the two subnets talk.
There's nothing special actually, you'll just have to add another VLAN. Click here (go to page 97) for instructions on how to create a VLAN. For better understanding on what DaneA's suggestion is, I have an example below:
VLAN10 - Server and network with 192.168.10.x IP
VLAN20 - Computers that needs to access the server and network with 192.168.20.x IP
Problem: The computers needs to access the server but restrict other devices from each subnet to communicate.
Solution: Add VLAN30 - members of VLAN 30 will be Server and Computers that needs access to server.
You will have to make the Server a member of both VLAN10 and VLAN 30. Then, make the Computers that needs access to the server a member of both VLAN20 and VLAN30.
After doing so, you will enable inter-VLAN routing on VLAN20 and VLAN30.
Now I get it... Unfortunately this answers does not solve my issue.
The server that I use (it's actualy a wifi controller) does not have the abillity to be a member of two vlans.
And the clients can't be configured that way since it's a public network.
I do not have the acces (or the will 😉 to configure all clients that visit the network.
This information is already written above but maybe it's misunderstood.
I'm gonna try to rephrase my question:
When I enable intervlan connect in the SRX5308 the traffic I need is possible between the guest clients and the server (wifi controller). But this makes all traffic possible between the two Vlan's. I want to restrict the rest of the trafic between the Vlans exept access to the server. The Vlan where the server is in is the same vlan as all my essential devices are in (router, switches, AP's ect...) so I realy want to prevent unnecesary access to those devices.
Setting up firewall rule on the SRX5308 is not applicable. For me, the Ruckus wireless controller should be connected to a switch and it should be a member of a Management VLAN configured on a switch. For references, you can check some examples of deployment scenarios on pages 37-44 of the NETGEAR WC7600 wireless controller here.
If ever the Ruckus wireless controller is connected to a port on the switch untagged on VLAN 110 and VLAN routing is enabled between VLAN 110 and VLAN 120 (note that VLAN routing is configured on the switch not on the SRX5308), setting up access control list on the switch would possibly restrict some users on the VLAN 120 to access the Ruckus wireless controller. For the the Access Control configuration, kindly check page 209 of the GS752TXS user manual here. You may contact NETGEAR Support for technical assistance.
I think that does not solve the issue as well since I want to allow all clients on vlan 110 to acces the controller but not to other devices on vlan 110. Do you agree It will be better to get another router/firewall?
You might want to at least try the suggestion I have mentioned about access control list. For me, it just needs proper network setup and configuration.
