Due to the pandemic, our District’s highschools are moving to a paperless ticketing system for High School games. A 410C access point was mounted on the outside of the ticketing booth - I am trying to create a network that allows parents to connect to the internet but only allow access to ONE specific site (the ticketing site - gofan.co).
I am having some trouble accomplishing this through the IP Firewall Policies and wanted to reach out here to see if anyone had some ideas.
We currently have FortiNAC deployed which typically allows guest registration on a normal basis, but to avoid any registration issues during games when IT may not be available, I created a separate SSID for the ticketing booth with a simple PSK that parents will be able to connect to easily while in line. I have the user profile dropping clients on the same VLAN our normal guest connect to but wouldn’t be opposed to create a new VLAN for the ticketing site if that would make the desired result easier to achieve. Thanks for your time in advance and for any ideas you may share.
Best answer by Sam Pirok
Thank you for letting me know. I ran this past some XIQ technicians and they confirmed that is all we should have to do, but we would need to narrow down the IP scope the site is using to do this effectively.
They recommended using a content filter for this instead, partially due to needing the IP scope, and partially because the APs will slow down significantly if they have to do any heavy filtering, and blocking all traffic minus one site is potentially heavy filtering. I’m sorry I don’t have better news for you here, but you are setting it up correctly.