So I need to create a location with a Wireless SSID criteria of my production wireless network name, for example "Test". Then I create a basic default firewall policy for that location allowing them to connect to the internal network.
Then I create another location using the Wireless SSID criteria but this time I chose "If the client computer does NOT user one of the Wireless SSID's listed below", and enter Test. And for this location I create another firewall policy that prevents them from getting to the internet.
But I also want to protect our laptops from other laptops that are also connected to the Starbucks or McDonald's SSID, not only ports 80 and 443 for internet but all access. In fact I would rather the laptops not be able to connect to foreign SSID's at all. What kind of firewall rules will I need to configure to accomplish this?