Getting WiFi Users in a Separate Zone to access the Internet

Hi everyone,

I've recently set up a Sophos XG 210 Firewall in our company's network. Before this, we were using two Sophos UTM appliances.

To re-enable our users to access the internet through our WiFi, I created two WiFi-Networks:

-> INTERNAL - for our Devs and IT personnel, to access our internal network and the internet. Bridged to AP LAN. Works fine.

-> GUEST - for our employees that want to use our WAN for their phones, etc. Set to be in a Separate Zone. Client isolation is enabled. DHCP server is set up and working. I also created a firewall rule allowing traffic from the WiFi zone to the WAN zone. With those settings, internet access is not possible.

I tried some different settings, but without any success. As the concepts behind XG and UTM are a little different, maybe I'm missing something?

I hope someone can point me in the right direction here.

Thank you very much in advance!

Best regards,

Oliver



  • Add an Allow DNS rule at the top which allows DNS requests from ALL internal zones to the WAN zone to pass through. Also enable NAT policy for the WiFi to WAN rule.

    These are the three prerequisites when configuring a separate zone:
    • Create a DHCP server for the wireless network on that interface
    • Add the interface to the allowed networks for DNS if it is a guest network
    • Create firewall and NAT rules that include Web protection, IPS policies, and any other security modules to protect the users
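
A client-side check for the three prerequisites listed in the reply above, added here as an example and not part of the original thread. It is meant to be run from a device on the guest WiFi; the probe targets (`1.1.1.1`, `example.com`) and the mapping from probe result to prerequisite are assumptions of this example.

```python
import ipaddress
import socket

# Maps each verdict to the prerequisite from the reply above that it points at.
HINTS = {
    "dhcp": "No usable lease: check the DHCP server on the guest interface.",
    "firewall_nat": "No route out by IP: check the guest-to-WAN firewall rule and its NAT.",
    "dns": "IP traffic passes but names fail: check that the guest zone may send DNS.",
    "ok": "Lease, DNS and outbound traffic all work.",
}

def local_address(target="1.1.1.1"):
    """Source IP the OS would use toward target, or None if there is no route."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect((target, 53))  # UDP connect only selects a route, sends nothing
        return s.getsockname()[0]
    except OSError:
        return None
    finally:
        s.close()

def probe_dns(name="example.com"):
    """True if the resolver handed out by DHCP answers for name."""
    try:
        return bool(socket.getaddrinfo(name, 443))
    except OSError:
        return False

def probe_tcp(ip="1.1.1.1", port=443, timeout=3.0):
    """True if a TCP handshake to a literal IP completes (no DNS involved)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def classify(addr, dns_ok, tcp_ok):
    """Pick the first prerequisite that the probe results show as unmet."""
    if addr is None or ipaddress.ip_address(addr).is_link_local:
        return "dhcp"
    if not tcp_ok:
        return "firewall_nat"
    if not dns_ok:
        return "dns"
    return "ok"

if __name__ == "__main__":
    verdict = classify(local_address(), probe_dns(), probe_tcp())
    print(verdict, "-", HINTS[verdict])
```

When the verdict is `firewall_nat`, DNS may be blocked as well, so rerun the check after fixing the rule.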