I have devices on a hotspot network that I want to occasionally access from an administrative LAN that is outside of the hotspot LAN on the same router. I observe that when the device is logged into the hotspot I can access it from the admin LAN. I also observe that using the walled garden to allow access does NOT work. It seems that walled garden allows outbound access from the device, but not inbound access to the device. I also observe that if I temporarily add the device to the /ip hotspot ip-binding list with the action of bypassed, I can access the device, but I do not want to keep making changes to the router config every time we need admin access to the device from the admin LAN. Is there a way to configure the hotspot to always allow inbound access from the admin LAN when the device not authorized on the hotspot?
Separately, but related, I'd like to be able to ping into the hotspot from the admin LAN to any hotspot device, all the time. Once again I've tried adding ICMP to the walled garden...it allows outbound ping, but not inbound. I've also tried adding ICMP to the pre-hs-input chain with an accept action and this does not help. Is there a way to accomplish this?