GX450 (ATT) Routing Config

I have recently upgrade my AT&T WAN connection to LTE service. With this new service i have an IPSec Tunnel back directly to my data center. So now when a patrol car is out in the field it has full access to the entire subnet.

I really do not want to get AT&T involved with editing the ACLs, it would take moths for this to happen.

Is there a way to have the modem block traffic coming from an application going over the WAN connection and only allowing that application to use WiFi only?