Hi Matt, I’d recommend creating a user profile IP firewall policy along these lines:
This is a variation of the guest internet access only default IP firewall object. The rules are applied to any traffic from the top down, so this firewall will allow DHCP traffic, allow DNS traffic, deny any internal network address request, allow access to gofan.co (220.127.116.11), and deny all other requests for traffic destinations.
You don’t have to create a new VLAN for this traffic if you don’t want to, the rules will still apply to any traffic coming through that SSID and others on the same VLAN will not be effected. Is that what you were looking for?