Configure Firebox Wireless

Applies To: Cloud-managed Fireboxes

Firebox devices with built-in wireless capabilities enable you to provide wireless access directly from the Firebox for wireless clients.

You can enable up to three wireless networks in these security zones:

  • Internal — An internal network is a private network protected by the Firebox. If you enable wireless on an internal network, wireless clients will have the same access as wired clients connected to the same physical network on the Firebox. You can also create internal wireless networks that are not associated with a physical Firebox network interface.
  • Guest — A guest network is a private network that enables guests to connect to external networks and prevents access to internal networks. If you enable wireless on a guest network, you can secure guest access so that wireless clients only have access to the Internet and cannot access any internal networks.

You can enable and configure an internal trusted wireless network and guest wireless network when you add your Firebox to WatchGuard Cloud and set up the Firebox. For more information, see Add a Cloud-Managed Firebox to WatchGuard Cloud.

Radio Settings

To configure global wireless radio settings that are applied to all your configured wireless networks, see Configure Wireless Radio Settings.

Screen shot of the Wireless Settings section in a device configuration in WatchGuard Cloud

Enable Wireless on an Internal Firebox Network

You can enable wireless access on any internal or guest Firebox network. From the Firebox configuration page, you can select the network where you want to enable wireless. In this example, we enable a wireless network on the primary internal network.

To enable wireless on the primary internal network, from WatchGuard Cloud:

  1. Select Configure > Devices.
  2. Select the cloud-managed Firebox.
  3. Click Device Configuration.
  4. Click the Networks tile.

    The Networks configuration page opens.
  5. To edit the network, click the tile for the Internal network.

Screen shot of the Networks page for a Firebox in WatchGuard Cloud

You can also create a new internal network for your wireless network. For more information, see Configure a Firebox Internal or Guest Network.

  1. In the Wireless section of the network configuration, click Add SSID.
    The Add SSID page opens.

Screen shot of the wireless network settings

  1. Configure wireless network settings:
  • SSID Name — Type a unique SSID name to identify your wireless network.
  • Broadcast SSID — To configure the wireless interface to send and answer SSID requests, select the Broadcast SSID check box. This enables your wireless clients to see the wireless network name when they search for a network. For security, you can disable this option to hide your network name. However, most wireless network scanners are able to detect the network name even if it is not broadcast.
  • Encryption (Authentication) — From the Encryption (Authentication) drop-down list, select the encryption and authentication setting to enable for connections to this wireless interface. WatchGuard recommends the default setting of Pre-Shared Key (WPA2 Only). Select Open System only if you want to provide a guest wireless network without encryption.
  • Passphrase — If you selected Pre-Shared Key (WPA2 Only) as the Encryption mode, type a secure passphrase to access the wireless network .
  1. To save the wireless settings, click Add.
  2. To save configuration changes to the cloud, click Save.
    The networks page shows the internal network with wireless enabled.

Screen shot of the Networks page for a Firebox with an internal wireless network

Enable Guest Wireless on a Firebox Network

You can enable a guest wireless network on your Firebox. This guest network has limited policies that only allow outbound access to the external networks (such as the Internet), and prevents access to other internal trusted wired or wireless networks.

To add a guest wireless network, from WatchGuard Cloud:

  1. Select your wireless, cloud-managed Firebox from the Device Manager list.
  2. Select Device Configuration.
  3. In the Networking section of the Device Configuration page for your Firebox, select Networks.
  4. Click Add Network.
  5. Select Add Guest Network from the drop-down list.
    The Add Guest Network page opens.

Screen shot of the network properties page

  1. Configure the guest network settings:
    • Name — Type a name for the guest network.
    • IP Address — Type an IP address for the guest network. You can configure DHCP settings for this network on the DHCP Settings tab.
    • Enable VLAN — To enable a VLAN for this network, select the Enable VLAN check box, and select a VLAN ID. For more information about VLANs, see Configure Firebox VLANs.
    • Interfaces — You can optionally associate a physical Firebox network interface with this guest network. If you only want to provide Internet access for guest wireless users, you do not have to assign a physical network interface. Assign a physical interface if you want to enable guest access to the resources on the network you select.
  2. In the Wireless section of the network configuration, click Add SSID.
    The Add SSID page opens.

Screen shot of the wireless settings

  1. Configure the guest wireless network.
    • SSID Name — Type a unique SSID name to identify your guest wireless network.
    • Broadcast SSID — To configure the wireless interface to send and answer SSID requests, select the Broadcast SSID check box. This enables your wireless clients to see the wireless network name when they search for a network. To improve security, you can disable this option to hide your network name. However, most wireless network scanners are able to detect the network name even if it is not broadcast.
    • Encryption (Authentication) — From the drop-down list, select the encryption and authentication setting to enable for connections to this wireless interface. WatchGuard recommends the default setting of Pre-Shared Key (WPA2 Only). Select Open System if you want to provide a guest wireless network without encryption.
    • Passphrase — Type a secure passphrase to access the wireless network if you selected Pre-Shared Key (WPA2 Only) as the Encryption (Authentication) mode.
  2. Click Add.
  3. To save configuration changes to the cloud, click Save.
    The networks page shows the new guest network with wireless enabled.

Screen shot of the Networks page for a Firebox with a Guest wireless network

See Also

About Firebox Networking Settings