Enable a Wireless Guest Network (Fireware XTM OS v11.8.x and Lower)

You can enable a wireless guest network to give a guest user wireless access to the Internet without access to computers on your trusted and optional networks.

To set up a wireless guest network:

  1. Select Network > Wireless.
    The Wireless Configuration page appears.

Screen shot of the Wireless configuration page

  1. Select Enable wireless access points.
  2. Adjacent to Wireless guest, click Configure.

Screen shot of the Wireless Guest Network configuration page

  1. Select the Enable Wireless Guest Network check box.
    Wireless connections are allowed through the XTM device to the Internet based on the rules you have configured for outgoing access on your device. These computers have no access to computers on the trusted or optional network.
  2. In the IP Address text box, type the private IP address to use for the wireless guest network.
    The IP address you type must not already be in use on one of your network interfaces. 
  3. In the Subnet Mask text box, type the subnet mask.
    The correct value is usually
  4. To configure the XTM device as a DHCP server when a wireless device tries to make a connection, select the Enable DHCP Server on Wireless Guest Network check box.
  5. To see the security settings for the wireless guest network, select the Wireless tab.
    The Wireless settings appear.

Screen shot of the Wireless Guest Network - Wireless tab

  1. To make your wireless guest network name visible to guest users, select the Broadcast SSID and respond to SSID queries check box.
  2. To send a log message to the log file each time a wireless computer tries to connect to the guest wireless network, select the Log Authentication Events check box.
  3. To allow wireless guest users to send traffic to each other, clear the Prohibit client to client wireless network traffic check box.
  4. In the Network name (SSID)) text box, type a unique name for your wireless guest network or use the default name.
  5. To change the fragmentation threshold, in the Fragmentation Threshold text box, type a value: 256–2346.
    WatchGuard recommends that you do not change this setting.
  6. To change the RTS Threshold, in the RTS Threshold text box, type a value: 256-2346.
    WatchGuard recommends that you do not change this setting.
  7. From the Authentication drop-down list, select the type of authentication to enable for connections to the wireless guest network.
    Select the setting for the type of guest access you want to provide, and whether you want to require your guests to enter a passphrase to use the network.
  8. From the Encryption / Authentication drop-down list, select the type of encryption to use for the wireless connection and add the keys or passwords required for the type of encryption you select.
    If you select an authentication option that uses pre-shared keys, a random pre-shared key is generated for you. You can use this key or type a new key.
  9. Click Return to Main Page.
  10. Click Save.

You can also configure your wireless guest network as a hotspot. For more information, see Enable a Hotspot.

Another configuration option you can select is to restrict access to the guest network by MAC address.

  1. To enable MAC access control, select the MAC Access Control tab.
  2. Configure the settings as described in Restrict Network Traffic by MAC Address.

See Also

Wireless Device Configuration Options

About Wireless Radio Settings

Configure IPv4 DHCP in Mixed Routing Mode

Enable/Disable SSID Broadcasts

Log Authentication Events

Change the SSID

Change the Fragmentation Threshold

Change the RTS Threshold

Set the Wireless Authentication Method

Set the Encryption Level

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base