Deploying a wireless network as a separate zone

We want to create a wireless network for guests that allocates IP addresses from a defined range. We want to prevent access by hosts that we know to be sources of malware.

Objectives

When you complete this unit, you’ll know how to do the following:
  • Protect a designated wireless zone from threats and malware
  • Create a guest wireless network for a zone and assign an address range to the network
  • Prevent network access by specified hosts
  • Create a DHCP server for the network so that hosts can receive an IP address and gateway
  • Assign the network to an access point

Protect a wireless zone from threats and malware

  1. Go to Wireless > Wireless settings.
  2. Click the On/Off switch to turn wireless protection on.
  3. In the list of allowed zones, click Add new item and select the Wi-Fi check box.
  4. Click Apply selected items.

The firewall scans traffic on the selected zone for threats and malware.

Create a list of hosts to be blocked

  1. Go to Hosts and services > MAC host and click Add.
  2. Specify the settings.
    Option         Description
    Name           Bad hosts
    Type           MAC list
    MAC address    00:16:76:49:33:CE, 00-16-76-49-33-CE

Create a wireless network as a separate zone

  1. Go to Wireless > Wireless networks and click Add.
  2. Specify the settings.
    Option            Description
    Name              Guest
    SSID              Guest
    Security mode     WPA2 Personal
    Client traffic    Separate zone
    Zone              WiFi
    IP address        192.0.2.1
    Netmask           /24 (255.255.255.0)
  3. Type a password and confirm.
  4. Click Advanced settings and specify the settings.
    Option           Description
    MAC filtering    Blacklist
    MAC list         Bad hosts

The firewall contains a defined wireless network and a corresponding virtual interface. When guests access the network, they are assigned an IP address from the range specified. Blocked devices cannot access the network.

Create a DHCP server

  1. Go to Network > DHCP.
  2. In the server list, click Add.
  3. Specify the settings.
    Option                Description
    Name                  Guest DHCP
    Interface             Guest
    Start IP              192.0.2.2
    End IP                192.0.2.255
    Subnet mask           /24 (255.255.255.0)
    Domain name           guest.example.com
    Gateway               Use interface IP as gateway
    Default lease time    1440
    Max lease time        2880
    Conflict detection    Enable
    DNS server            Use the DNS settings of XG Firewall

Guests who access the guest network will now be allocated an IP address from the range specified.
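
The following Python script is an added example, not part of the original documentation or of the firewall's own tooling. It checks the values from this unit before they are entered in the web admin console: it normalizes the MAC list to one notation and validates the DHCP range against the interface subnet. The function names normalize_macs and check_dhcp_scope are hypothetical.

```python
import ipaddress
import re

# Six hex octets with one consistent separator (":" or "-"), as in the MAC list above.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")

def normalize_macs(entries):
    """Return unique MACs in upper-case colon notation; raise on malformed entries."""
    unique = []
    for raw in entries:
        item = raw.strip()
        if not MAC_RE.match(item):
            raise ValueError(f"not a MAC address: {raw!r}")
        mac = item.replace("-", ":").upper()
        if mac not in unique:
            unique.append(mac)
    return unique

def check_dhcp_scope(interface_ip, prefix_len, start_ip, end_ip):
    """Return a list of findings for a DHCP range served on one interface."""
    net = ipaddress.ip_network(f"{interface_ip}/{prefix_len}", strict=False)
    gw = ipaddress.ip_address(interface_ip)
    start, end = ipaddress.ip_address(start_ip), ipaddress.ip_address(end_ip)
    findings = []
    if start > end:
        findings.append("start IP is after end IP")
    for label, addr in (("start", start), ("end", end)):
        if addr not in net:
            findings.append(f"{label} IP {addr} is outside {net}")
    # Addresses that should not be handed out as leases.
    special = (("interface IP", gw),
               ("network address", net.network_address),
               ("broadcast address", net.broadcast_address))
    for label, addr in special:
        if start <= addr <= end:
            findings.append(f"range includes the {label} {addr}")
    return findings

if __name__ == "__main__":
    # Values taken from the tables in this unit.
    print(normalize_macs("00:16:76:49:33:CE, 00-16-76-49-33-CE".split(",")))
    for finding in check_dhcp_scope("192.0.2.1", 24, "192.0.2.2", "192.0.2.255"):
        print("finding:", finding)
```

With the values from this unit, the two MAC entries collapse to one address, and the scope check reports that the End IP 192.0.2.255 is the broadcast address of 192.0.2.0/24.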

Add a wireless network to an access point

  1. Go to Wireless > Access points, and click an active access point.
  2. Select the country where the access point is located.
  3. In the wireless networks list, click Add new item and select the requested network.

The network is now deployed.