L3 Firewall Rules ePMP 2000

Question, I am looking to setup the firewall rules on the AP to help protect the internal network from the outside cameras. The setup is below:

AP -

GW is

--SM 1



--SM 2



So far I have the flowing rules:

fromInternal-Lan Accept LAN SRC IP192.168.1.0/ DestIP

fromInternal-Wifi Accept WLAN SRC IP192.168.1.0/ DestIP

fromControler Accept LAN SCV IP192.168.6.29/ DestIP

Deny-Wifi Deny WLAN

Deny-Lan Deny LAN

I need traffic requests to source from the LAN side (192.168.1.X) to the AP then to the cameras at the sites. The cameras will stream video back to the 192.168.1.x network as well as get NTP from and of course maintain management of the AP and Subscriber moduels. Do I need to add an explicit entry for each device out on the network or is there a cleaner way to do it?  Do I also need the explicit deny deny at the end?

Thank you Josh