Dear all, my organization is requesting the following configuration, and we are encountering some issues or limitations.

Request: The business is requesting that we limit access to a specific Wi-Fi network, which is accessed using MR36, 33, etc. devices with Enterprise licensing. This network is only accessible to IoT or PINpad devices, which must access a specific domain list; all other traffic would have to be denied or discarded.

Technical scenario: As previously mentioned, the Wi-Fi network is comprised of MR devices. We distribute it using Catalyst C9200 equipment. The default gateway for that network is a Catalyst 9407r, which connects to an MX-250 to access the Internet. Client tracking is done through IP addressing, since the MX-250 doesn't have direct addressing. The device that has the VLANs and addressing is the C9407r.

Note: The MX-250 has an Advanced Security licensing level.

What would be your recommendation for applying this type of request? We used the MX-250's Firewall rule set, but it didn't work very well, as it drops traffic and doesn't handle URLs very well. We've noticed that the Layer 7 firewall only has the option to deny and disallow a specific list of URLs, for example. Would it be possible to apply a whitelist only to a specific IP segment?