Unifi Policy Block Rule to Drop All Traffic from VLAN from Going Out WAN?

Hey all, long-time follower on YouTube but first time on the forums today! I’ve watched @LTS_Tom’s videos on the new Unifi Policy Engine and setting up privacy VPNs as clients. I also saw the short that Tom uploaded explaining that if you pause or delete a VPN client, the routing policy will fail and traffic will revert to flowing back out WAN. I don’t plan to pause or delete my VPN client, but I’d like to have backup rules just in case.

Is there a way to set up a block rule to prevent traffic from a specific VLAN from ever going out WAN? Alternatively, is there a way to tag all traffic on a VLAN and then drop any traffic with that tag before escaping out WAN? On my old pfSense gateway, the latter option is how I had it set up, thanks to another one of Tom’s older videos.

Thanks in advance!

The policy engine works just fine for that and is the proper way to do that; just don’t remove the VPN. I am not sure if there is another workaround. I might do some more testing soon, as I have some new videos I am working on.