In the section about the Guest access they reference that the policy server needs to be publicly reachable on the internet. I am guessing this is so that the Meraki cloud can communicate with it? Rather than simply have the server wide open to the internet I am wondering if there is a list somewhere that can be used to limit exposure to this server from something more specific? At least only open on specific ports? I want this to be as secure as possible and am thinking there should be a best practice or something with more detail on setting this up. Maybe I am over thinking this too much?