For users on the WiFi LAN to communicate with other networks, firewall policies are required. This section describes creating a WiFi network to Internet policy.
Before you create firewall policies, you need to define any firewall addresses you will need.
To create a firewall address for WiFi users - web-based manager
- Go to Policy & Objects > Objects > Addresses.
- Select Create New, enter the following information and select OK.
|Name||Enter a name for the address, wifi_net for example.|
|Subnet / IP Range||Enter the subnet address, 10.10.110.0/24 for example.|
|Interface||Select the interface where this address is used, e.g., example_wifi|
To create a firewall address for WiFi users - CLI
config firewall address
set associated-interface "example_wifi"
set subnet 10.10.110.0 255.255.255.0
To create a firewall policy - web-based manager
- Go to Policy & Objects > Policy > IPv4 and select Create New.
- In Incoming Interface, select the wireless interface.
- In Source Address, select the address of your WiFi network, wifi_net for example.
- In Outgoing Interface, select the Internet interface, for example, port1.
- In Destination Address, select All.
- In Service, select ALL, or select the particular services that you want to allow, and then select the right arrow button to move the service to the Selected Services list.
- In Schedule, select always, unless you want to define a schedule for limited hours.
- In Action, select ACCEPT.
- Select Enable NAT.
- Optionally, set up UTM features for wireless users.
- Select OK.
To create a firewall policy - CLI
config firewall policy
set srcintf "example_wifi"
set dstintf "port1"
set srcaddr "wifi_net"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
set nat enable