I have a GT-AX6000 that I just purchased last week, and I have three 2.4 GHz and one 5 GHz guest networks set up. All four of them were restricting intranet via the setting "Access Intranet" = disable in the guest network GUI. This is the basic purpose of the guest network concept: to allow devices internet access without having access to your devices on your LAN. I did make sure I was running the latest firmware.
The 2.4 GHz guest networks are not allowing the connected devices to access the internet, however, unless I set "Access Intranet" = enable, which defeats the entire purpose of the guest network. Interestingly, the 5 GHz guest network operated as expected.
In the end, I installed the latest version of Merlin, and now the guest networks all work as expected. This is troubling, though: why would such a basic bug exist on the stock firmware when a group of programmers has made an open source project that has fixed those bugs? Why doesn't Asus just copy their work into AsusWRT? Does anyone know of a fix other than Merlin? I noticed in another post about AsusWRT bugs that someone said they just installed Merlin and never looked back since it fixed "95% of my issues". It seems like I'm going to be doing that also.
Just in case you only read this far to find out why I have four guest networks: basically, it's all just to protect my LAN by isolating untrusted devices which are going to be connected to my LAN for internet connectivity. One of the 2.4 GHz SSIDs serves guests, and I have this moderately bandwidth limited so they don't take too much. The second 2.4 GHz SSID serves IoT type devices that I don't care to have poking around in my LAN, and which don't need much bandwidth, so I have it severely limited. The third 2.4 GHz SSID serves devices like TVs which don't need LAN access since they can WiFi Direct for screen shares, with no bandwidth limiting. The 5 GHz SSID serves our work PCs, and I don't care to let our employers have a device on the LAN side of my firewall either. No bandwidth limiting, obviously.
That makes sense in your work environment. I guess I'm lucky as this is our home, and the only reason I tried to set up a guest network was to see how the AXE16000 responds to one, to share on here. Exactly what you experience: I could connect to the guest network but had no internet connectivity. Since I didn't really need it, I didn't try to diagnose it further, I'm afraid...
I agree with your concerns. Lots of people will say that it's open source so if there was malicious code, it would be found. But I don't think any of those people ever went looking through the thousands of lines of code in an open source project, auditing for malicious code (which they probably wouldn't recognize if they even saw it).
In the end, Asus is a foreign (Taiwanese) company, and is possibly just as likely as the Merlin people to put malicious code into routers that are used around the world.
Well, my AXE16000 seems to work as you would expect. When I am connected to the Guest network, no devices on my local network are shown in File Explorer-Network devices.
I will say, when an AiMesh configuration is involved, it might get complicated. There is a setting for allowing the Guest network to one or more Mesh Nodes, so perhaps that setting would help.
Edit: This was before the firmware I just got. After the update, the Guest Network still appears to work. But when the update was finished, I got a message that I had entered an incorrect password 5 times and could not log back in until after a time break. I had not tried to enter a password during this period.