With reference to your first image on your response you show Guest being added as a forward zone from the LAN. When I set it up like this without making other changes it actually opens up all traffic from the LAN to reach the Guest Zone which is not what I want.