We are planning to deploy guest wifi using "magic vlan" where IAP acts as DHCP server & NATs clients. I am planning to implement rules/policies in IAP.
Is denying IP subnets of our internal network enough to secure guest wifi from attacks/hacking? I am also denying UDP port 68 and allowing HTTP/HTTPS, FTP and a few other standard protocols. Also, guest & corp are on the same circuit.