Configure a Firebox Internal or Guest Network

Applies To: Cloud-managed Fireboxes

For a cloud-managed Firebox, internal and guest networks are both private networks protected by the Firebox. These network types enable you to configure separate networks for trusted users and guest users, with different firewall policies applied by default for traffic for each network.

Internal — For network connections from trusted users or hosts

  • Network zone: Internal
  • A member of the built-in alias Any-Internal
  • The default Outbound firewall policy applies to traffic for this network

Guest — For network connections from guest users

  • Network zone: Guest
  • Not a member of any alias
  • The default Guest firewall policy allows outbound traffic from Guest networks

The network configuration settings for Internal and Guest networks are the same.

Edit or Add a Network

To open the Networks configuration, from WatchGuard Cloud:

  1. Select Configure > Devices.
  2. Select the cloud-managed Firebox.
  3. Click Device Configuration.
  4. Click the Networks tile.
    The Networks configuration page opens.

Screen shot of the Networks tiles on the Networks configuration page

To edit an internal or guest network, from WatchGuard Cloud:

  1. On the Networks page, click the tile of the network to edit.
    The network configuration page opens.
  2. Configure the network settings.
  3. To save configuration changes to the cloud, click Save.

To add an internal or guest network, from WatchGuard Cloud:

  1. At the top of the Networks page, click Add Network.
  2. From the drop-down list, select the network type:
    • To add an Internal network, select Add Internal Network.
    • To add a Guest network, select Add Guest Network.

    The Add Internal Network or Add Guest Network page appears.

Screen shot of the Add Internal Network page

  3. In the Name text box, type a name for the network.
  4. Configure the network settings, as described in the next section.
  5. To save configuration changes to the cloud, click Save.

Configure Network IP Address Settings

In the Network tab, you can configure the network IP address, VLAN settings, and associated interfaces. For a wireless Firebox, you can also add a wireless SSID.

Configure Network IP Address Settings

For an Internal or Guest network, the network IP address is the host IP address you want to assign to the Firebox, and a netmask in slash notation. For more information about slash notation, see About Slash Notation.

To configure network IP address settings for an Internal or Guest network, from WatchGuard Cloud:

  1. Add or edit an Internal or Guest network.

Screen shot of the Internal network IP address

  2. In the IP Address text box, type the IP address and netmask to use for this network.

To configure the Firebox to assign IP addresses to network clients, enable the DHCP Server on the DHCP Settings tab. For more information, see Configure Firebox Network DHCP Settings.
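The following Python sketch is an added example, not WatchGuard code. It checks planned IP Address values before you type them: each must be a private host address with a netmask in slash notation. The network names, the sample addresses, and the rule that Internal and Guest subnets must not overlap are assumptions of this example.

```python
import ipaddress

def check_network_entry(entry):
    """Validate one IP Address value: host address plus netmask in slash notation."""
    if "/" not in entry:
        return None, ["missing netmask in slash notation"]
    try:
        iface = ipaddress.ip_interface(entry)
    except ValueError as exc:
        return None, [f"not a valid address/netmask: {exc}"]
    problems = []
    net = iface.network
    if not iface.ip.is_private:
        problems.append("address is not in a private range")
    # On subnets with room for hosts, the first and last addresses are reserved.
    if net.num_addresses > 2:
        if iface.ip == net.network_address:
            problems.append(f"{iface.ip} is the network address of {net}")
        elif iface.ip == net.broadcast_address:
            problems.append(f"{iface.ip} is the broadcast address of {net}")
    return iface, problems

def check_plan(plan):
    """plan maps a network name to its IP Address value; returns a list of findings."""
    findings, subnets = [], {}
    for name, entry in plan.items():
        iface, problems = check_network_entry(entry)
        findings += [f"{name}: {p}" for p in problems]
        if iface is not None:
            subnets[name] = iface.network
    names = sorted(subnets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            na, nb = subnets[a], subnets[b]
            # overlaps() only compares networks of the same IP version.
            if na.version == nb.version and na.overlaps(nb):
                findings.append(f"{a} and {b}: {na} overlaps {nb}")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    good = {"Internal": "10.0.1.1/24", "Guest": "10.0.2.1/24"}
    bad = {"Internal": "10.0.1.1/16", "Guest": "10.0.2.0/24"}
    for label, plan in (("good", good), ("bad", bad)):
        print(label, check_plan(plan) or "no findings")
```
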

Configure VLAN Settings

You can configure any Firebox network as a virtual local area network (VLAN). When you enable VLAN for a network, all interfaces associated with the network are configured to handle untagged VLAN traffic by default. You can edit each interface to change whether it handles tagged or untagged VLAN traffic for this network.

For more information, see Configure Firebox VLANs.

Configure Network Interfaces

For each network, you select which Firebox interfaces are associated with the network. If you associate more than one interface to a network, network traffic is bridged between all associated interfaces.

When you add an Internal network, the lowest numbered available interface is automatically associated with the network.

In the settings for a network, the Interfaces section shows which interfaces are currently associated with the network, and which are available.

Screen shot of the Interfaces settings for a network

The interface icon color indicates interface status in relation to this network.

  • White interface icon: Interface is associated with another network
  • Blue interface icon: Interface is associated with this network
  • Gray interface icon: Interface is available to associate with this network

To see associated networks for an interface, point to View Networks for the interface.

By default, all interfaces are associated with a network. Before you can associate an interface with a different network, you must remove that interface from the network it was previously associated with.

If you associate more than one interface with a network, network traffic is bridged between all associated interfaces.

To configure the interface settings for a network, from WatchGuard Cloud:

  1. In the tile for an associated or available interface, click .

  2. Select one of these options:
    • No Traffic — Remove the interface from this network.
    • Add Network Traffic — Add the interface as the first interface associated with this network.
    • Bridged Network Traffic — Add this interface to a network that already has another associated interface or SSID.

For a VLAN, the interface options are Untagged VLAN or Tagged VLAN. For more information, see Configure Firebox VLANs.

Enable Wireless

For a wireless Firebox, you can enable wireless access to up to three Internal or Guest networks. The wireless SSID is bridged to any other interfaces enabled for the network.

SSIDs on all networks share the same wireless radio settings. To configure wireless radio settings, go to the main Networks configuration page. For more information, see Configure Wireless Radio Settings.

For more information on how to configure Firebox wireless networks, see Configure Firebox Wireless.

Configure DHCP Settings

On the DHCP tab, you configure DHCP settings for the internal or guest network. In the DHCP settings, you can configure the Firebox to assign IP addresses to clients on the network, or to forward DHCP requests to a DHCP server.

For more information, see Configure Firebox Network DHCP Settings.

Configure Link Monitoring

On the Link Monitoring tab, you can enable link monitoring. When link monitoring is enabled, the Firebox sends traffic to a link monitor target to test network connectivity.

For more information, see Configure Firebox Network Link Monitoring.

Configure Advanced Settings

On the Advanced tab you can configure these network settings:

  • Web UI Access
  • Ping
  • MAC Access Control
  • Secondary Networks

For more information, see Configure Advanced Network Settings.

See Also

About Firebox Networking Settings