Creating the security policy
You need configure a security policy that allows traffic to flow from the WiFi SSID to the Internet interface but only for members of the Collected Emails device group. This policy must be listed first. Unknown devices are not members of the Collected Emails device group, so they do not match the policy.
To create the security policy
1. Go to Policy & Objects > Policy > IPv4 and select Create New.
2. Enter the following information:
Incoming Interface | wifi |
Source Address | all |
Source Device Type | Collected Emails |
Outgoing Interface | wan1 |
Destination Address | all |
Schedule | always |
Service | ALL |
Action | ACCEPT |
NAT | On |
3. Select OK.
To create the authentication rule - CLI
config firewall policy
edit 3
set srcintf "wifi"
set dstintf "wan1"
set srcaddr "all"
set action accept
set devices collected-emails
set nat enable
set schedule "always"
set service "ALL"
end