Chapter 6 Deploying Wireless Networks for FortiOS 5.0 : Configuring a WiFi LAN : Configuring firewall policies for the SSID
  
Configuring firewall policies for the SSID
For users on the WiFi LAN to communicate with other networks, firewall policies are required. Before you create firewall policies, you need to define any firewall addresses you will need. This section describes creating a WiFi network to Internet policy.
To create a firewall address for WiFi users - web-based manager
1. Go to Firewall Objects > Address > Addresses.
2. Select Create New, enter the following information and select OK.
Name: Enter a name for the address, wifi_net for example.
Type: Select Subnet.
Subnet / IP Range: Enter the subnet address, 10.10.110.0/24 for example.
Interface: Select the interface where this address is used, e.g., example_wifi.
To create a firewall address for WiFi users - CLI
config firewall address
  edit "wifi_net"
    set associated-interface "example_wifi"
    set subnet 10.10.110.0 255.255.255.0
end
To create a firewall policy - web-based manager
1. Go to Policy > Policy > Policy and select Create New.
2. In Incoming Interface, select the wireless interface.
3. In Source Address, select the address of your WiFi network, wifi_net for example.
4. In Outgoing Interface, select the Internet interface, for example, port1.
5. In Destination Address, select All.
6. In Service, select ALL, or select the particular services that you want to allow, and then select the right arrow button to move the service to the Selected Services list.
7. In Schedule, select always, unless you want to define a schedule for limited hours.
8. In Action, select ACCEPT.
9. Select Enable NAT.
10. Optionally, set up UTM features for wireless users.
11. Select OK.
To create a firewall policy - CLI
config firewall policy
  edit 0
    set srcintf "example_wifi"
    set dstintf "port1"
    set srcaddr "wifi_net"
    set dstaddr "all"
    set action accept
    set schedule "always"
    set service "ALL"
    set nat enable
end
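
The following is an added example, not part of the original guide and not Fortinet tooling. Step 6 of the web-based manager procedure allows either ALL or a narrower service list, so this Python check parses a saved configuration in the CLI layout shown above and lists the accept policies from the WiFi interface that still permit every service. The sample configuration, its policy IDs, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the CLI layout used on this page; policy IDs are made up.
SAMPLE_CONFIG = '''
config firewall policy
  edit 1
    set srcintf "example_wifi"
    set dstintf "port1"
    set action accept
    set service "ALL"
  next
  edit 2
    set srcintf "example_wifi"
    set dstintf "port1"
    set action accept
    set service "DNS" "HTTP" "HTTPS"
  next
end
'''

def parse_policies(text):
    """Return {policy_id: {option: [values]}} from 'config firewall policy'."""
    policies, current, in_block = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config firewall policy":
            in_block = True
        elif in_block and line.startswith("edit "):
            current = policies.setdefault(line.split()[1], {})
        elif in_block and line == "next":
            current = None
        elif in_block and line == "end":
            in_block, current = False, None
        elif current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                # Values are either quoted strings or bare words.
                found = re.findall(r'"([^"]*)"|(\S+)', parts[2])
                current[parts[1]] = [q or b for q, b in found]
    return policies

def wide_open_wifi_policies(text, wifi_intf="example_wifi"):
    """IDs of accept policies from wifi_intf that allow every service."""
    return [pid for pid, p in parse_policies(text).items()
            if wifi_intf in p.get("srcintf", [])
            and p.get("action") == ["accept"]
            and {"ALL", "ANY"} & set(p.get("service", []))]

if __name__ == "__main__":
    print(wide_open_wifi_policies(SAMPLE_CONFIG))
```

Policies the check reports are candidates for a narrower service list or for the UTM features mentioned in step 10.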