Enable Wireless Connections (Fireware XTM OS v11.8.x and Lower)

For a wireless XTM device that runs Fireware XTM OS v11.8.x or older, you can enable Access Point 1 and Access Point 2 on your wireless device to bridge to a trusted or optional network.

To bridge Access Point 1 and Access Point 2 to the same network, the XTM device must run Fireware XTM OS v11.8.1 or higher.

When you enable an access point on your wireless device to bridge to an interface, you must select whether to use a trusted or an optional interface.

Trusted

Any wireless clients on the trusted network have full access to computers on the trusted and optional networks, and access to the Internet as defined in the outgoing firewall rules on your Firebox or XTM device.

If the wireless client sets the IP address on its wireless network card with DHCP, the DHCP server on the trusted network of the XTM device must be active and configured.

Optional

Any wireless clients on the optional network have full access to computers on the optional network, and access to the Internet as defined in the outgoing firewall rules on your XTM device.

If the wireless client sets the IP address on its wireless network card with DHCP, the DHCP server on the optional network of the Firebox or XTM device must be active and configured.

To enable wireless connections to your trusted or optional network:

  1. Select Network > Wireless.
    The Wireless configuration page appears.

Screen shot of the Wireless configuration page

  2. Select Enable wireless access points.
  3. Adjacent to Access point 1 or Access point 2, click Configure.
    The Wireless Access Point configuration dialog box appears.

Screen shot of the Wireless network access configuration page

  4. Select the Enable wireless bridge to a Trusted or Optional interface check box.
  5. From the Enable wireless bridge to a Trusted or Optional interface drop-down list, select an option:
  6. To configure the wireless interface to send and answer SSID requests, select the Broadcast SSID and respond to SSID queries check box.
  7. To send a log message each time a wireless computer tries to connect to the interface, select the Log Authentication Events check box.
  8. To require wireless users to use the WatchGuard Mobile VPN with IPSec Client, select the Require encrypted Mobile VPN with IPSec connections for wireless clients check box.

    When you select this option, the Firebox or XTM device only allows DHCP, DNS, IKE (UDP port 500), and ESP packets over the wireless network. This can increase the security for wireless clients if you do not select WPA or WPA2 as the wireless authentication method.

  9. In the Network name (SSID) text box, type a unique name for your wireless optional network or use the default name.
  10. To change the fragmentation threshold, in the Fragmentation Threshold text box, type a value: 256–2346.
    WatchGuard recommends that you do not change this setting.
  11. To change the RTS Threshold, in the RTS Threshold text box, type a value: 256–2346.
    WatchGuard recommends that you do not change this setting.
  12. From the Encryption (Authentication) drop-down list, select the encryption and authentication options to enable for wireless connections to the optional interface.
    WatchGuard recommends that you use WPA2, if the wireless devices in your network can support WPA2.
  13. From the Encryption algorithm drop-down list, select the type of encryption to use for the wireless connection and add the keys or passwords for the type of encryption you select.
    If you select an encryption option with pre-shared keys, a random pre-shared key is generated for you. You can use this key or type your own.
  14. Save the configuration.

If you enable wireless connections to the trusted interface, you can also restrict access by MAC address. This prevents users from connecting to the XTM wireless device from unauthorized computers that could contain viruses or spyware.

  1. To enable MAC access control, select the MAC Access Control tab.
  2. Configure the settings as described in Restrict Network Traffic by MAC Address.

When you enable wireless connections to a trusted or optional interface, the wireless and wired networks operate as if they are on the same local network. Broadcast traffic, such as DHCP requests, can pass between wired and wireless clients. If a DHCP server is active on the physical network, or if a wireless client is configured as a DHCP server, then all wired and wireless clients on that network can receive IP addresses from that DHCP server.
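
Because a wireless client that runs a DHCP server can hand out addresses to every client on the bridged network, it is worth checking which servers actually answer DHCP requests there. The following is an added example, not WatchGuard code: it parses DHCP replies captured on the bridged segment and reports any OFFER or ACK whose server identifier is not an authorized server. The addresses, MAC addresses, function names and the (source MAC, UDP payload) input format are assumptions made for illustration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
OFFER, ACK = 2, 5                     # option 53 values that only a DHCP server sends
# Assumption: the XTM trusted interface (constructed address) is the only DHCP server.
AUTHORIZED_SERVERS = {ipaddress.ip_address("10.0.1.1")}

def parse_dhcp(payload):
    """Return (message_type, server_id, client_mac), or None if not well-formed DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    client_mac = payload[28:28 + min(payload[2], 16)].hex(":")
    msg_type = server_id = None
    i = 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        end = i + 2 + (payload[i + 1] if i + 1 < len(payload) else len(payload))
        if end > len(payload):                         # truncated option: reject
            return None
        code, value = payload[i], payload[i + 2:end]
        if code == 53 and len(value) == 1:             # DHCP message type
            msg_type = value[0]
        elif code == 54 and len(value) == 4:           # server identifier
            server_id = ipaddress.ip_address(value)
        i = end
    return msg_type, server_id, client_mac

def rogue_dhcp_replies(frames, authorized=AUTHORIZED_SERVERS):
    """frames: (source_mac, udp_payload) pairs. A reply with no server id is reported too."""
    parsed = [(mac, parse_dhcp(payload)) for mac, payload in frames]
    return [(mac, str(p[1]), p[2]) for mac, p in parsed
            if p and p[0] in (OFFER, ACK) and p[1] not in authorized]

def build_reply(msg_type, server_ip, client_mac):
    """Construct a minimal server reply; sample data for this example only."""
    header = bytearray([2, 1, 6]) + bytearray(233)     # BOOTREPLY, Ethernet, hlen 6
    header[28:34] = bytes.fromhex(client_mac.replace(":", ""))
    options = bytes([53, 1, msg_type, 54, 4]) + ipaddress.ip_address(server_ip).packed
    return bytes(header) + MAGIC_COOKIE + options + b"\xff"

SAMPLE_FRAMES = [  # constructed: one sanctioned offer, two replies from a wireless client
    ("02:00:00:00:00:01", build_reply(OFFER, "10.0.1.1", "02:00:00:aa:bb:01")),
    ("02:00:00:de:ad:01", build_reply(OFFER, "192.168.50.1", "02:00:00:aa:bb:02")),
    ("02:00:00:de:ad:01", build_reply(ACK, "192.168.50.1", "02:00:00:aa:bb:02")),
]
print(rogue_dhcp_replies(SAMPLE_FRAMES))
```

Each reported tuple is the source MAC of the answering host, the server identifier it advertised, and the MAC of the client that received the reply.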

To configure a wireless guest network with no access to the computers on your trusted or optional networks, see Enable a Wireless Guest Network (Fireware XTM OS v11.8.x and Lower).

See Also

Wireless Device Configuration Options

About Wireless Radio Settings

Enable/Disable SSID Broadcasts

Log Authentication Events

Change the SSID

Change the Fragmentation Threshold

Change the RTS Threshold

Set the Wireless Authentication Method

Set the Encryption Level
