Contents

Related Topics

Enable Wireless Connections

You can enable Access Point 1, Access Point 2, or Access Point 3 on your wireless Firebox for any network type, and configure the wireless interfaces with the same type of settings as an internal network interface.

The wireless interfaces appear on the network Interfaces page with these default interface names:

Access Point Interface Name
Access Point 1 ath1
Access Point 2 ath2
Access Point 3 ath3

For more information about network interfaces, see About Network Modes and Interfaces.

To enable wireless connections, from Fireware Web UI:Closed
  1. Select Network > Wireless.
    The Wireless configuration page appears.

Screen shot of the Wireless configuration page

  1. Select the Enable wireless check box.
  2. Select Enable wireless access points.
  3. Adjacent to Access point 1 or Access point 2, or Access point 3, click Configure.
    The Wireless Access Point configuration dialog box appears.

Screen shot of the Wireless network access configuration page

  1. In the Interface Name (Alias) text box, you can change the alias name of the interface or use the default name.
  2. From the Interface Type drop-down list, select an interface type for this Access Point interface.
    • Trusted
    • Optional
    • Bridge
    • VLAN
    • Custom

If you want your wireless users to be on the same network as your wired trusted or optional network, you must use a network bridge between the wireless interface and the trusted or optional wired interface. For more information, see Create a Network Bridge Configuration.
For detailed instructions on how to bridge a wireless interface to the trusted interface, see the Bridge a Firebox wireless interface to the trusted interface article in WatchGuard Knowledge Base.

  1. Click OK.
  2. Select the Wireless tab.

Screen shot of the Wireless network access configuration page

  1. To configure the wireless interface to send and answer SSID requests, select the Broadcast SSID check box.
  2. To send a log message each time a wireless computer tries to connect to the interface, select the Log Authentication Events check box.
  3. To allow wireless guest users to send traffic to each other, clear the Prohibit client to client wireless network traffic check box.
  4. To require wireless users to use the WatchGuard Mobile VPN with IPSec Client, select the Require encrypted Mobile VPN with IPSec connections for wireless clients check box.

When you select this option, the Firebox only allows the DHCP, DNS, IKE (UDP port 500), and ESP packets over the wireless network. If you require wireless users to use the IPSec Mobile VPN Client, it can increase the security for wireless clients if you do not select WPA or WPA2 as the wireless authentication method.

  1. In the Network name (SSID) text box, type a unique name for your wireless optional network, or use the default name.
  2. From the Encryption (Authentication) drop-down list, select the encryption and authentication setting to enable for wireless connections to the optional interface.
    WatchGuard recommends the default setting of WPA2 Only.
  3. From the Encryption algorithm drop-down list, select the type of encryption to use for the wireless connection and specify the keys or passwords required for the type of encryption you select.
    If you select an encryption option with pre-shared keys, a random pre-shared key is generated for you. You can use this key or type another key.
  4. Save the configuration.
To enable wireless connections, from Policy Manager:Closed
  1. Select Network > Wireless.
    The Wireless Configuration dialog box appears.

Screen shot of the Wireless Configuration dialog box

  1. Select the Enable wireless check box.
  2. Select Enable wireless access points.
  3. Adjacent to Access point 1 or Access point 2, or Access point 3, click Configure.
    The Wireless Access Point configuration dialog box appears.

Screen shot of the Wireless Access Point Configuration dialog box

  1. In the Interface Name (Alias) text box, you can change the alias name of the interface or use the default name.
  2. From the Interface Type drop-down list, select an interface type for this Access Point interface.
    • Trusted
    • Optional
    • Bridge
    • VLAN
    • Custom

If you want your wireless users to be on the same network as your wired trusted or optional network, you must use a network bridge between the wireless interface and the trusted or optional wired interface. For more information, see Create a Network Bridge Configuration.
For detailed instructions on how to bridge a wireless interface to the trusted interface, see the Bridge a Firebox wireless interface to the trusted interface article in the knowledge base.

  1. Click OK.
  2. Select the Wireless tab.

Screen shot of the Wireless Access Point Configuration dialog box

  1. To configure the wireless interface to send and answer SSID requests, select the Broadcast SSID check box.
  2. To send a log message each time a wireless computer tries to connect to the interface, select the Log Authentication Events check box.
  3. To allow wireless guest users to send traffic to each other, clear the Prohibit client to client wireless network traffic check box.
  4. To require wireless users to use the WatchGuard Mobile VPN with IPSec Client, select the Require encrypted Mobile VPN with IPSec connections for wireless clients check box.

When you select this option, the Firebox only allows the DHCP, DNS, IKE (UDP port 500), and ESP packets over the wireless network. If you require wireless users to use the IPSec Mobile VPN Client, it can increase the security for wireless clients if you do not select WPA or WPA2 as the wireless authentication method.

  1. In the Network name (SSID) text box, type a unique name for your wireless optional network, or use the default name.
  2. From the Encryption (Authentication) drop-down list, select the encryption and authentication to enable for wireless connections to the optional interface.
    WatchGuard recommends the default setting of WPA2 Only.
  3. From the Encryption algorithm drop-down list, select the type of encryption to use for the wireless connection and specify the keys or passwords required for the type of encryption you select.
    If you select an encryption option with pre-shared keys, a random pre-shared key is generated for you. You can use this key or type another key.
  4. Save the configuration.

If you enable wireless connections to the trusted interface, we recommend that you restrict access by MAC address. This is to make it more difficult for users to connect to the wireless Firebox from unauthorized computers.

To enable MAC access control:

  1. Select the MAC Access Control tab.
  2. Configure the settings to restrict network traffic on an interface, as described in Restrict Network Traffic by MAC Address.

Wireless and wired networks operate as if they are on the same local network. Broadcast traffic, such as DHCP requests, can pass between wired and wireless clients. If a DHCP server is active on the physical network, or if a wireless client is configured as a DHCP server, then all wired and wireless clients on that network can receive IP addresses from that DHCP server.

See Also

Wireless Device Configuration Options

About Wireless Radio Settings

About Network Modes and Interfaces

Enable or Disable SSID Broadcasts

Log Authentication Events

Change the SSID

Change the Fragmentation Threshold

Change the RTS Threshold

Set the Wireless Authentication Method

Set the Encryption Level

Give Us Feedback     Get Support     All Product Documentation     Technical Search

© 2018 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, WatchGuard Dimension, Firebox, Core, Fireware, and LiveSecurity are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries.