CommScope RUCKUS Community Forums

I'm attempting to configure Guest access (with Guest pass) as well as
BYOD activation using the Onboarding portal. When a device connects to
the Guest WLAN the device is redirected to the admin login of the ZD (https://zonedirector.domain.com/admin/login.jsp) instead of the Onboarding portal page (https://zonedirector.domain.com/user/onboarding.jsp).

Some background:
ZD1106 on firmware 9.8.3.0.14 - ZF7363 and ZF7372 APs
We
are using a signed SSL cert from a CA (GoDaddy) and all intermediate
certs are installed and devices do not give any certificate errors.

I did have this working "somewhat successfully" previously. However we want to use public DNS servers in our DHCP scope for Guest devices. When guest devices connected to the Guest WLAN, the public DNS servers could not resolve the local IP of the ZD and the redirect failed (obviously). Manually entering the ZD private IP (instead of the FQDN) allowed successful guest authentication.

We published a public IP address/DNS record for the ZD (although did not expose the ZD publicly) and then the guest client could resolve the public IP. We then used our firewall/router to do an internal NAT rule to translate the public IP to the private IP. However I could never get the guest devices to communicate via the public IP (even though it was being NAT'd internally), prior to authentication (ex: ping failed to public IP). If I authenticated the device with a guest pass by using the private IP of ZD, then pinging public IP was successful.

I then attempted to use a hot spot service where I could specify the public IP in the walled garden and I could communicate with the ZD prior to authentication (ex: ping to public IP was successful), but the redirect would always land on the ZD admin login no matter which address was specified for the login page. I can manually navigate to the Onboarding portal page via the FQDN, but obviously that didn't work because the Guest WLAN was changed to Hot Spot service and guest passes could not be issued. Changed the Guest WLAN back to a guest service and ping to public IP was successful but redirect always lands on Admin login. If I manually navigate to on boarding portal page and try to authenticate with a guest pass I receive error "This is an invalid Guest Pass. Please try again".

In an attempt to start over, I deleted the hotspot service and guest service from ZD and recreated only a new guest service and applied it to my Guest WLAN. But it still lands on Admin login page and NOT the onboarding portal,  while still also pinging the public IP. If I navigate to onboarding page manually and enter a newly created guest pass I get the invalid guest pass error. What is going on?

My goal is to use the Onboarding portal for both Guest Access with guest pass and BYOD device registration with ZeroIT. I want to use public DNS servers on the DHCP scope of the Guest WLAN. Is there a way to accomplish that?
We do have active support and can engage them if necessary.