Thank you for your response regarding ACL. My goal likely can be done with ACL, but with protected ports it could be much easier (as I need separate many ports). Private VLAN could be desirable (but unfortunately there is no such thing on Powerconnect 6200 series switches).

Therefore I would like to get more information about "Protected Port" feature.

This command
show switchport protected
shows that my test ports are protected

You wrote that:
"A ping will send a ICMP echo request packet which operates at layer 3. Which may explain why you are seeing the pings go through."

Yes, ICMP echo requests operates at L3, but as all 3 involved devices operates at L2 (both tested devices are L2 managed DLink switches) and there is no L3 device between them (no one knows about routing and there is no Gateway at all) - in this situation both protected ports first needs to "talk" with each other at L2 to get ICMP echo requests to work (or am I wrong?). Additionally I checked MAC address tables on both L2 DLink switches and there are entries with each other MAC.
If this is a supposed behavior - what is purpose of protected ports? And I still do not understand group idea (why these groups are needed)?

On DLinks there is similar feature, which is called "Traffic Segmentation" and works the way I supposed "Protected Port" feature on Dell should work.

Could you help me regarding these questions?

Yes, it works as it was supposed! Thank you! Protected ports group description is a little bit confusing in manual.