For users on the WiFi LAN to communicate with other networks, firewall policies are required. This section describes creating a WiFi network to Internet policy.
Before you create firewall policies, you need to define any firewall addresses you will need.
- Go to Policy & Objects > Addresses.
- Select Create New, enter the following information and select OK.
Enter a name for the address. For example, wifi_net.
Subnet / IP Range
Enter the subnet address. For example, 10.10.110.0/24.
Select the interface where this address is used. For example, example_wifi.
config firewall address
set associated-interface "example_wifi"
set subnet 10.10.110.0 255.255.255.0
- Go to Policy & Objects > IPv4 Policy and select Create New.
- In Incoming Interface, select the wireless interface.
- In Source Address, select the address of your WiFi network, wifi_net for example.
- In Outgoing Interface, select the Internet interface, for example, port1.
- In Destination Address, select All.
- In Service, select ALL, or select the particular services that you want to allow, and then select the right arrow button to move the service to the Selected Services list.
- In Schedule, select always, unless you want to define a schedule for limited hours.
- In Action, select ACCEPT.
- Select Enable NAT.
- Optionally, set up UTM features for wireless users.
- Select OK.
config firewall policy
set srcintf "example_wifi"
set dstintf "port1"
set srcaddr "wifi_net"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set nat enable