Add a wireless network

  1. Go to Wireless > Wireless networks and click Add.
  2. Type a name and Service Set Identifier (SSID).
    The SSID can consist of 1-32 ASCII printable characters.
  3. Select a security mode.
    WPA2 is recommended. The firewall supports IEEE 802.11r on networks that are secured with WPA2.
    Note When using enterprise authentication, you also need to configure a RADIUS server. Use the wireless network name as the NAS ID.
  4. From the Client traffic list, select the method for integrating traffic on the wireless network into your local network.
    OptionDescription
    Separate zone The wireless network is handled as a separate network with the specified IP address range. When you create a network as a separate zone, the firewall creates a corresponding virtual interface. To assign an address and gateway to clients, create a DHCP server for the interface.
    Bridge to AP LAN The wireless network is bridged into the network of the selected access point. Clients share the IP address range of the access point. When you add a network of this type to an access point, the firewall creates a corresponding interface. To deploy the network in bridge mode, create a bridge interface. To deploy the network in gateway mode, specify a zone and IP address, and create a DHCP server.
    Bridge to VLAN The wireless network is bridged into a VLAN. Use this method when you want access points to be in a common network that is separate from the wireless clients. When using enterprise authentication, you can specify how the client VLAN ID is to be defined. When you select “Static”, the access point always uses the bridge to VLAN ID specified. When you select “RADIUS and static”, the RADIUS server tells the access point which VLAN ID to use for a given user. If a user does not have a VLAN ID attribute assigned, the access point uses the bridge to VLAN ID specified.
  5. Specify the settings.
    OptionDescription
    Encryption Encryption algorithm to use for network traffic. AES is recommended.
    Time-based access Allow access to the wireless network according to the specified schedule.
    Client isolation Prevent traffic among wireless clients that connect to the same SSID on the same radio. This setting is typically used on guest networks.
    Hide SSID Do not show the wireless network SSID.
    Fast transition Force wireless networks to use the IEEE 802.11r standard.
    Note This feature doesn't work between Sophos legacy access points and Sophos APX series access points.
    MAC filtering Allow or block clients from connecting to the wireless network based on their MAC addresses.
  6. Click Save.

Go to Wireless > Access points and add the wireless network to an access point.