Configuring firewall policies
A firewall policy is needed to enable WiFi users to access the Internet on port1. First you create firewall address for the WiFi network, then you create the example_wifi to port1 policy.
To create a firewall address for WiFi users - web-based manager
1. Go to Firewall Objects > Address > Addresses.
2. Select Create New, enter the following information and select OK.
Address Name | wlan_user_net |
Type | Subnet / IP Range |
Subnet / IP Range | 10.10.110.0/24 |
Interface | example_wifi |
To create a firewall address for WiFi users - CLI
config firewall address
edit "wlan_user_net"
set associated-interface "example_wifi"
set subnet 10.10.110.0 255.255.255.0
end
To create a firewall policy for WiFi users - web-based manager
1. Go to Firewall Objects > Policy and select Create New.
2. Enter the following information and select OK:
Incoming Interface | example_wifi |
Source Address | wlan_user_net |
Outgoing Interface | port1 |
Destination Address | All |
Schedule | always |
Service | ALL |
Action | ACCEPT |
Enable NAT | Selected. Select Use Destination Interface Address (default). |
Leave other settings at their default values. |
To create a firewall policy for WiFi users - CLI
config firewall policy
edit 0
set srcintf "example_wifi"
set dstintf "port1"
set srcaddr "wlan_user_net"
set dstaddr "all"
set schedule always
set service ALL
set action accept
set nat enable
end