Finally got Guest Access to work but need to set up exceptions. Users get DHCP and DNS from local server and then are allow http and https access to the internet only. Local http / https is blocked by a rule to all on an internal Class B subnet. Rules look like this:
permit 0.0.0.0 any udp dhcp client in
permit any 0.0.0.0. udp dhcp server out
permit range any udp dns in
permit any range udp dns out
deny range range tcp http in
deny range range tcp http out
deny range range tcp https in
deny range range tcp https out
allow range any tcp http in
allow any range tcp http out
allow range any tcp https in
allow any range tcp https out
Problem: Users may want to get to our websites that resolve differently locally. Global dns might point www.website.com to 100.100.100.100, but internally www.website.com points to 10.10.10.10. This is a Class C subnet.
I created a permit rule for the local sites, but it's not working. I think the order is the problem, but I don't know.
Any help would be really appreciated. Thank you kindly.