We have a simple Instant AP setup with a handful of VLANS and SSIDS.
VLAN279 - Servers - 10.245.279.0/24 GW 10.245.279.1
VLAN280 - Wireless Access Points - 10.245.280.0/24 GW 10.245.280.1
VLAN281 - Wireless Clients Interal - 10.245.281.0/24 GW 10.245.281.1
VLAN282 - Guest Wireless Clients - 10.245.282.0/24 GW 10.245.282.1
INTERNAL SSID - No network restrictions. Internal DNS
GUEST SSID - Internet access unrestricted, no access to VLAN280, 281 OR 279 with the exception of DHCP from 279. Google DNS.
Our mail server is 10.245.279.190 so two questions :
1) How do I allow the guest traffic access to only 443 on a single host from the Guest SSID?
2) How do I resolve DNS for mail.mycompany.com to tell traffic to use internal IP instead of external IP?