Hi Charlie,
Ok, I understand. One more question. I want to create in my IAP a user role which has an external captive portal, but also the client should be able to access network 192.168.200.0/24 before the captive portal page, for example. I think that's possible in an Aruba Controller, if we take as an example the default guest-logon role:
I think I can achive that just creating one firewall policy with a "user 192.168.200.0/24 any permit" rule and placing that firewall policy above the "captiveportal" one.
However, in my Instant AP I have this guestSURA role:
In this way, I have to log in the captive portal page, and then I will be able to access network 192.168.200.0/24. But I want to access that network before the captive portal page. But I can't move the rule which allow traffic to network 192.168.200.0/24 to the first position, before the captive portal rule, I am not allowed to do so in the GUI. I don't know if that's possible with the CLI, therefore my question about "wlan access-rule" and so on. Do you think that's possible in Instant?
Regards,
Julián