They demand a solution with 2 Networks, a SSID with a short Passwort "1234" but only Access to 4 or 5 Special Websites (CNN / Healthcare ) and a SSID with a strong Password for employes.
Can i build a SSID / Network that only contains some Websites ?? I have found IP Block / Deny and Application Block and Allow but no Point of "Whitelist Websites". Of Course i could allow IP but this ist not usable with big News Sites.
If you go to VNS->Roles you can create a policy to block everything. That could be assigned to the public user ssid. Then add another 5 policies to allow to the 5 websites. Vns-Roles->choose a role or make a new one and then select that role ->select the Policy Rules tab->click add->select l7 radio button->click "Custom Web Application"->click "+" to make a new one->then choose group: Web Application, type: Host name, Matching Patterns:cnn.com. This would allow traffic to cnn.com.
Whitelisting One or More Applications
You can create a policy to block everything except a single application or small group of applications (or web sites).
To whitelist one or more applications:
1. Select Roles from the menu.
2. Select Add to add a new role. Alternatively, select an existing role and select Configure Role.
3. Create a Deny policy to block everything. This policy can be assigned to a public user SSID.
4. Add an extended application policy to allow a single web site. From the Configure Role page, select New Application Policy.
A new row is added to the Rules list.
5. Select the Edit (pencil) icon and configure the application rule.
6. Next to the Application field, select the Edit (pencil) icon.
The Custom Applications dialog opens.
7. Select Create New Application and configure the fields in the Application Setting dialog that opens.
For example, to allow access to www.companyname.com, enter Web Applications as the group,
Company Name as the name, and www.companyname.com as the pattern.
Group - Specify the application group to which the application belongs. The groups are pre-defined and cannot be customized.
Name - Enter a unique name for the custom application.
Pattern - Enter all or part of a fully qualified domain name (FQDN). The rule will match if the text that you enter appears anywhere in the host header of HTTP traffic. Example: The pattern companyname will match 'www.companyname.com', 'companyname.com' and 'www.company-name.com'. The match is case sensitive, so the pattern will not match 'Companyname.com'.
8. Repeat step 4-7 as needed to add additional individual web sites that each allow one web site. For
example, if you want to allow five web sites, make an extended application rule for each web site, for
a total of 5 extended application rules.