Wireless networks

A wireless network provides common connection settings for wireless clients. These settings include SSID, security mode, and the method for handling client traffic.

When you add a wireless network to an access point, you define the method of integrating traffic on the wireless network into your local network.

Table 1. Client traffic types



Separate zone The wireless network is handled as a separate network with the specified IP address range. Use this option to configure firewall rules for the specified SSIDs.

All traffic from a separate zone network is sent to XG Firewall using the Virtual Extensible LAN (VXLAN) protocol. VXLAN is a virtual tunnel that encapsulates layer 2 Ethernet frames within layer 3 IP packets.

Encapsulation lowers the available MTU size. Lower MTU results in higher fragmentation and may slow the traffic at times. To prevent this issue, you can do one of the following:
  • Use Bridge to AP LAN or Bridge to VLAN.
  • If you must use a separate zone, lower the MTU value on users' endpoint devices.
Bridge to AP LAN The wireless network is bridged into the network of the selected access point. Clients share the IP address range of the access point.
Bridge to VLAN The wireless network is bridged into a VLAN. Use this method when you want access points to be in a common network that is separate from the wireless clients.

General settings

Client traffic
Method for integrating traffic on the wireless network into your local network.
Encryption algorithm to use for network traffic. AES is recommended.
Time-based access
Allow access to the wireless network according to the specified schedule.
Client isolation
Prevent traffic among wireless clients that connect to the same SSID on the same radio. This setting is typically used on guest networks.
Do not show the wireless network SSID.
Fast transition
Force wireless networks to use the IEEE 802.11r standard.
MAC filtering
Allow or block clients from connecting to the wireless network based on their MAC addresses.