So added these rules and no change...can go direct but no redirect on any browser/platform.
Even weirder traffic is disregarding these rules anyway and being let straight through..
Sep 9 14:22:12 10.1.22.43 stm[1529]: <124006> <WARN> <10.1.22.43 24:DE:C6:C3:ED:3E> TCP srcip=172.31.98.3 srcport=60611 dstip=74.125.31.95 dstport=443, action=src-nat
Sep 9 14:22:12 10.1.22.43 stm[1529]: <124006> <WARN> <10.1.22.43 24:DE:C6:C3:ED:3E> TCP srcip=172.31.98.3 srcport=44743 dstip=173.194.72.95 dstport=443, action=src-nat
But the page still can't load. These logs are from a client with the guest-login role:
wlan access-rule guest-login
index 7
captive-portal external profile "Guest"
rule any any match udp 67 68 permit log
rule any any match udp 53 53 permit log
rule 10.1.22.9 255.255.255.255 match any any any permit log
rule any any match any any any deny log