We have our main wireless network and reciently been told that a guest network is desired. We don't get too many outside people joining the network but it is growing. Additionally we want a seporate network for everyone to connect thier phone, tablets etc. without accessing the servers.
So we setup a 2nd employee network (must have password), Virtual Controler Managed with default VLAN assignments. For access rules I allow dhcp, dns, https and http to all destinations. (in that order) The last rule is to deny any to all destinations. My understanting is that this will allow access to the internet but not our local network. After some quick testing all seemed like it was working so we made it public. A week in now and we are getting complaints from apple users that thier personal mail apps are updating and a security cam app (on iphone) is not streaming the video. Work email (O365) works fine. It appears that only apple devices are affected. Is there an apple protocal that I need to allow?
We are running firmware v6.5.4.4_62887 on the 215 access points.