Creating Segmented Wireless Networks on a Locally-Managed Firebox

When you purchase a Firebox with wireless capabilities, such as the T40W, you can configure wireless networks that appear as additional ‘interfaces’ in Policy Manager and Firebox System Manager. These networks can follow the segmentation already in place in your environment, but the Interface Type may need to be changed: if your existing networks are configured as plain Trusted or Optional interfaces rather than as a VLAN or Bridge, that applies to you. Follow the steps below to configure wireless networks set up as Bridge interfaces.

- In Policy Manager, select Network > Configuration

- Navigate to the Bridge tab

    • Determine the address ranges you want to use.
      Note: If a range is currently assigned to a Trusted or Optional interface on the Interfaces tab, change or remove it there first. Otherwise Policy Manager reports an error that the network is already in use.

    • To ensure proper segmentation, create these networks on the Bridge (or VLAN) tab with the Custom interface type. Custom interfaces are not members of the Any-Trusted or Any-Optional aliases, so no existing policy written against those aliases can silently apply to the new networks.
      Note: If your interfaces were not the Custom type before, you must add the new interfaces by name to every policy that should pass their traffic. ‘Any-Trusted’ and ‘Any-Optional’ do not match Custom interface types.

Below is the network scheme we utilized:

At this point, we can configure our interfaces. When you select an interface, radio buttons let you choose which bridge or VLAN it belongs to, as shown below:

The main difference when configuring the ‘ath’ interfaces is that they have a Wireless tab where you set the SSID name and the connection requirements. Be sure to enable client isolation on your guest networks, so that guest devices on the same SSID cannot talk to each other directly!

Below is the finalized configuration on the Network > Configuration > Interfaces tab:

As you can see, we bridged eth1→ath1, eth2→ath2, and eth3→ath3. This pairing isn’t required, but it keeps the interfaces organized. Give each bridge and interface a descriptive name so you can tell them apart when you write policies.

In the configuration example shown, there are three physical interfaces and three SSIDs being broadcast. Because these bridge interfaces are the Custom type, the networks cannot communicate with each other unless a policy explicitly allows it. Be sure to create policies for DNS, HTTP, and HTTPS so that each network can browse the internet. These are required if you have deleted or disabled the default Outgoing policy, and also if you kept it but did not add the new Custom interfaces to its From list, since Any-Trusted and Any-Optional do not cover them. Using this example, you could configure Internal, Guest, and IoT networks for your environment.
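Once the policies are in place, the segmentation should be checked from inside each network rather than assumed from the configuration. The following Python script is an added example, not part of the original article and not WatchGuard tooling: run it from a host on one segment and it probes hosts on the other segments plus a few outbound services, then reports every result that disagrees with the intended policy matrix. The subnets, the hypothetical Internal-to-IoT HTTPS allowance, and the target hosts are assumptions; the article’s own addressing appears only in a screenshot.

```python
import ipaddress
import socket

# Constructed addressing for the three Custom bridge interfaces. The article's
# own scheme appears only in a screenshot, so these subnets are assumptions.
SEGMENTS = {
    "Internal": ipaddress.ip_network("10.10.1.0/24"),
    "Guest": ipaddress.ip_network("10.10.2.0/24"),
    "IoT": ipaddress.ip_network("10.10.3.0/24"),
}

# Ports every segment needs to reach on the internet: the DNS, HTTP and HTTPS
# policies the article says to create.
OUTBOUND_PORTS = {53, 80, 443}

# Explicit inter-segment allowances. Custom interfaces pass nothing to each
# other unless a policy names both, so this table is empty apart from one
# hypothetical Internal -> IoT HTTPS rule used to illustrate an allowance.
INTER_SEGMENT_ALLOW = {
    ("Internal", "IoT"): {443},
}


def segment_of(ip):
    """Return the segment name an address belongs to, or None for the internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def expected_reachable(src_segment, dst_ip, port):
    """Policy matrix: True/False for what the Firebox should permit, or None
    when source and destination share a bridge (not an inter-segment check)."""
    dst_segment = segment_of(dst_ip)
    if dst_segment is None:
        return port in OUTBOUND_PORTS
    if dst_segment == src_segment:
        return None
    return port in INTER_SEGMENT_ALLOW.get((src_segment, dst_segment), set())


def probe_tcp(host, port, timeout=2.0):
    """One TCP connect: 'open' (handshake completed), 'refused' (RST from the
    host) or 'filtered' (no answer, which is what a Firebox deny looks like).
    Name-resolution failures also land in 'filtered'; use IP addresses."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "filtered"


def evaluate(src_segment, observations):
    """Compare probe results with the policy matrix.

    observations: iterable of (dst_ip, port, result) as returned by probe_tcp.
    Returns a list of (dst_ip, port, expected_reachable, observed) mismatches.
    'refused' counts as reachable: the destination answered, so the packet
    crossed the firewall even though the service was down.
    """
    violations = []
    for dst_ip, port, result in observations:
        expected = expected_reachable(src_segment, dst_ip, port)
        if expected is None:
            continue
        reached = result in ("open", "refused")
        if reached != expected:
            violations.append((dst_ip, port, expected, result))
    return violations


def run_probes(src_segment, targets, timeout=2.0):
    """Live check: probe each (dst_ip, port) in targets and return mismatches."""
    observations = [(ip, port, probe_tcp(ip, port, timeout)) for ip, port in targets]
    return evaluate(src_segment, observations)


if __name__ == "__main__":
    # Run from a Guest host. Hosts and resolvers here are placeholders.
    targets = [
        ("10.10.1.10", 445),   # Internal file server: must be filtered
        ("10.10.3.20", 80),    # IoT device web UI: must be filtered
        ("9.9.9.9", 53),       # DNS policy: must be reachable
        ("1.1.1.1", 443),      # HTTPS policy: must be reachable
    ]
    for dst, port, expected, observed in run_probes("Guest", targets):
        print(f"MISMATCH {dst}:{port} expected_reachable={expected} observed={observed}")
    print("done")
```

Run it once from a host on each segment and adjust the target list to real addresses on the other two. A ‘refused’ result on a cross-segment probe is just as much a failure as ‘open’: the Firebox let the SYN through and only the end host declined. Same-bridge targets are skipped because the script checks inter-segment policy; client isolation on the SSID is what governs wireless clients on the same network.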