Wireless Access

We have our main wireless network and reciently been told that a guest network is desired. We don't get too many outside people joining the network but it is growing. Additionally we want a seporate network for everyone to connect thier phone, tablets etc. without accessing the servers.

So we setup a 2nd employee network (must have password), Virtual Controler Managed with default VLAN assignments. For access rules I allow dhcp, dns, https and http to all destinations. (in that order) The last rule is to deny any to all destinations. My understanting is that this will allow access to the internet but not our local network. After some quick testing all seemed like it was working so we made it public. A week in now and we are getting complaints from apple users that thier personal mail apps are updating and a security cam app (on iphone) is not streaming the video. Work email (O365) works fine. It appears that only apple devices are affected. Is there an apple protocal that I need to allow?

We are running firmware v6.5.4.4_62887 on the 215 access points.

You need to allow more ports.  Even gmail uses more ports:  https://support.google.com/mail/answer/7126229?hl=en

You should just block the traffic you don't specifically don't want and allow everything else.

I removed all rules and added one to deny any to our internal network scope. No internet access but mail is syncing. Devices are getting IPs from the AP, is there a DNS setting that is still pointing to our internal DNS server?

Thanks

What DNS server are you supplying to your clients via DHCP?

Thanks for pointing me in the right direction, no DHCP server info was filled out. Set an IP scope different from our main network, removed the rules I created and it all worked.  Internet access no access to our main network.

I wasn't the one who setup the the APs origionally and had never worked with Arubas before. Thanks for the guideance.