Configuring firewall policies for the SSID
For users on the WiFi LAN to communicate with other networks, firewall policies are required. This section describes creating a WiFi network to Internet policy.
Before you create firewall policies, you need to define any firewall addresses you will need.
To create a firewall address for WiFi users - GUI
- Go to Policy & Objects > Addresses.
- Select Create New, enter the following information and select OK.
Name |
Enter a name for the address. For example, wifi_net. |
Type |
Select Subnet. |
Subnet / IP Range |
Enter the subnet address. For example, 10.10.110.0/24. |
Interface |
Select the interface where this address is used. For example, example_wifi. |
To create a firewall address for WiFi users - CLI
config firewall address
edit "wifi_net"
set associated-interface "example_wifi"
set subnet 10.10.110.0 255.255.255.0
end
To create a firewall policy - GUI
- Go to Policy & Objects > IPv4 Policy and select Create New.
- In Incoming Interface, select the wireless interface.
- In Source Address, select the address of your WiFi network, wifi_net for example.
- In Outgoing Interface, select the Internet interface, for example, port1.
- In Destination Address, select All.
- In Service, select ALL, or select the particular services that you want to allow, and then select the right arrow button to move the service to the Selected Services list.
- In Schedule, select always, unless you want to define a schedule for limited hours.
- In Action, select ACCEPT.
- Select Enable NAT.
- Optionally, set up UTM features for wireless users.
- Select OK.
To create a firewall policy - CLI
config firewall policy
edit 0
set srcintf "example_wifi"
set dstintf "port1"
set srcaddr "wifi_net"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set nat enable
end