I am not a networking expert... just know enough to be dangerous.
We have a wireless network set up on a VLAN that works great for Internet. We put the guest network on a different subnet to segregate the traffic and also so we could define a different DHCP scope. The APs are trunked via the VLAN back to our WatchGuard x1250e firewall and the firewall acts as the DHCP server. The problem is that devices on the guest network need HTTP and HTTPS access back to the internal network (for email and internal websites).
Wireless traffic is tagged as VLAN 2 and trunked through our switches
Switches trunk back to an interface on the WatchGuard x1250e firewall which is delegated as a VLAN interface
The WatchGuard functions as the DHCP server for the VLAN and works fine
Internal network is 192.168.1.0/24
Guest network is 192.168.58.0/24
DNS is a server on the 192.168.1.0/24 network
I can ping devices on the .58 network from the .1 network but not vice versa
Firewall policies are correctly set up to allow HTTP and HTTPS from .58 to .1
Outgoing Internet traffic works fine
I don't really want to mess around too much with subnets because it would throw our main network into upheaval to change all that stuff.
It seems like this is a static route but I'm not sure how to configure it. We have static routes configured for our MPLS WAN to satellite offices, so I've done it before, but putting in a static route to point 192.168.1.0/24 at the gateway does nothing to fix this.
Can somebody point me in the right direction?