We have WLC 4402 and LWAP 1510
In access control list menu, all needed rule added and the last rule deny any to any
We use Ethernet bridging on LWAP and some clients connect with wire network that associated with Ethernet bridge LWAP, Now when deny rule applied the client that connect with wired network couldn't established VPN connection or another service to the routing and remote server, please be note that I create rule that permit any to routing and remote server.