Thanks for your assistnace..
failing at the first hurdle again!
conf t
netdestination "apple.com"
name apple.com
" name" isnt a recognised command...
(config) #netdestination "apple.com"
(config-dest) #name
^
% Invalid input detected at '^' marker.
(config-dest) #?
host Configure a single host
invert Use all destinations EXCEPT this destination
network Configure a subnet
no Delete Command
range Configure a range of IP addresses
I carried on regardless.. and saw the config in the gui.. which was the same as Id tried before.. and the cna still pops up. domain lookup is enabled and I can ping apple.com.. so I know its resolving from the box ok.
We are using an upstream proxy server, but this info should be getting obtained from wpad.dat file.. which is the first rule in the guest logon policy. I know the wpad file works, as when on !auto" and logged in, I can see conections going through the proxy server...
For sanity testing.. I added an "any any permit" rule which worked... so Im 99.9% sure it is an aruba fw config issue... Ive tried hosting the "success" page on the proxy/dns server with a static dns entry resolivng apple.com to itself.. and successfully tested with the www.apple.com/library/test/success.html.. but still didnt work. Ive tried an apple.com destination nat to the proxy server, hoping to retrieve the "success" page this way.. but that didnt work either!