Need a router that supports packet filtering for PCI scan compliance

[TK-Art]

I am a member of an artist’s co-operative that runs an art gallery. We use a Clover Solo POS device. As part of our credit card processing contract, we must have a PCI security scan run every 3 months. The requirements for this scan are:

“In order to run the scan, we need you to grant access to the IP addresses listed below.
If you use security software such as a firewall in your organization, you may need to white-list the below addresses in order for the scan to run successfully. Otherwise, you may block access to the scan, meaning it will fail. This will result in you being unable to successfully report your compliance.
If you are unsure how to do this, consult the help section of your firewall or contact your internet service provider for assistance.

• x.x.x.x/x
• x.x.x.x/x
• x.x.x.x/x
• x.x.x.x/x
• x.x.x.x/x
• x.x.x.x/x
• x.x.x.x/x”

So, this seems pretty straight forward and was until we switched from AT&T to Spectrum as our internet provider. The AT&T cable modem/router allowed me to add these IP addesses to a passthrough list (in their terminology, packet filtering) and the PCI scans all worked fine. The wifi router provided by Spectrum has very limited management capability and when I asked Spectrum support about it, the answer was to buy my own router. OK, but the problem I’m having is finding a wifi router that will support the PCI scan requirements. Packet filtering is not something that typically shows up in the router specs so I’ve had to download several router manuals but none of them appear to support packet filtering (Nighthawk RS100,RS90,RS70; tp-link BE6500; ASUS RX86U; ASUS RX55). The other requirements for the wifi router are to support 600 mbs down/400 mbs up, at least 3 lan ports, 1 wan port, cover an area approximately 1700 sq ft, and support WPA2. Right now, the only device on the wifi is a printer, and sometimes an artist’s laptop or phone, so the number of concurrent devices is low. Of course, I could turn off any firewall (if allowed) but I’m hesitant to do so. Any advice?