Configuring firewall policies for the SSID
For users on the WiFi LAN to communicate with other networks, firewall policies are required. This section describes creating a WiFi network to Internet policy.
Before you create firewall policies, you need to define any firewall addresses you will need.
To create a firewall address for WiFi users - web-based manager
- Go to Policy & Objects > Objects > Addresses.
- Select Create New, enter the following information and select OK.
Name | Enter a name for the address, wifi_net for example. |
Type | Select Subnet. |
Subnet / IP Range | Enter the subnet address, 10.10.110.0/24 for example. |
Interface | Select the interface where this address is used, e.g., example_wifi |
To create a firewall address for WiFi users - CLI
config firewall address
edit "wifi_net"
set associated-interface "example_wifi"
set subnet 10.10.110.0 255.255.255.0
end
To create a firewall policy - web-based manager
- Go to Policy & Objects > Policy > IPv4 and select Create New.
- In Incoming Interface, select the wireless interface.
- In Source Address, select the address of your WiFi network, wifi_net for example.
- In Outgoing Interface, select the Internet interface, for example, port1.
- In Destination Address, select All.
- In Service, select ALL, or select the particular services that you want to allow, and then select the right arrow button to move the service to the Selected Services list.
- In Schedule, select always, unless you want to define a schedule for limited hours.
- In Action, select ACCEPT.
- Select Enable NAT.
- Optionally, set up UTM features for wireless users.
- Select OK.
To create a firewall policy - CLI
config firewall policy
edit 0
set srcintf "example_wifi"
set dstintf "port1"
set srcaddr "wifi_net"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
set nat enable
end