I have an IAP 103 that is setup for Guest. The IAP is connected to a network that is routable to other networks within the office. How can I configure the access rules to deny Guests from accessing internal office networks (192.168.1.1/24, 192.168.2.0/24 and 192.168.3.0/24) but still allow HTTP, HTTPS, and DNS resolution from/to Internet? Typically you configure the access rule to allow first and deny all last but in this case if I followed that method Guest would be able to get to all those networks.
Also, what is the "to master IP" access rule option? Would that allow me to deny anyone on the Guest network from being able to access the IAP?
Thanks
GM