The Intra2net system is connected to two local networks, one of which is used for the staff and the other for guests. Staff and guest networks should be strictly separated from each other.
The employee network uses 192.168.1.0/24, the guest network uses 192.168.5.0/24. Each of the two networks uses a separate interface of the Intra2net system.
Full access to the Internet from the guest network is permitted. Access to the Intra2net system is only allowed for DNS. Access to the employee network must not be possible under any circumstances.
The Intra2net system is DHCP server, but only for the guest network. Set up a DHCP pool for the guest network and make sure that guests are assigned the correct firewall ruleset for a DHCP request.