For anybody that does land here, I thought it was odd but I had to explicitly allow DHCP Server broadcast traffic. I created a Permit rule ACL for UDP protocols with destination ports group "DHCP Server". Probably could have set more specific network...
Did you ever figure this out? I'm up against the same issue and haven't found a way around it yet. Same symptoms, as soon as I enable the firewall option, guests can no longer connect to the Guest SSID. As if DHCP has become unavailable. The controll...