Wi-Fi interface (WLAN)

Some firewalls build in a Wi-Fi card that makes it possible to configure two WLAN access points to connect wireless equipment over 2.4 GHz or 5 GHz frequency ranges. The parameters of each WiFi interface can be modified, but none can be added or deleted.

Wi-Fi interface control panel

Double-click on a Wi-Fi interface control panel to open it.



Set the switch to ON/OFF to enable or disable the interface.
Disabling a Wi-Fi interface makes it unusable even when the Wi-Fi network is enabled in the firewall’s configuration. Conversely, if the Wi-Fi interface is enabled but the Wi-Fi network is disabled, the network will be unreachable.

Ensure that the settings of Wi-Fi interface parameter coincide with those of the Wi-Fi network parameter (Configuration module > Network > Wi-Fi).

General settings

Name Name of the interface. The name assigned by default can be changed. This name is not the network name (SSID).
Comments Allows you to enter comments regarding the interface.
This interface is

An interface can be:

  • Internal (protected): when this option is selected, this means that the interface is protected (a shield appears). a protected interface only accepts packets coming from a known address range, such as a directly connected network or a network defined by a static route. This protection includes remembering machines that have logged on to this interface, conventional traffic security mechanisms (TCP) and implicit rules for services offered by the firewall such as DHCP.

  • External (public): choosing this option indicates that the interface does not benefit from the protection of a protected interface and can therefore receive packets coming from any address range (which are not assigned to internal interfaces). This type of interface is used mainly to connect the firewall to the Internet.


Network name Shows the name of the Wi-Fi network (SSID). This name can be changed if necessary.
Authentication Shows the type of security used for the authentication of the Wi-Fi network. Three choices are possible:
  • Open network: no authentication. When this option is selected, the Security key fields will be hidden.
  • WPA (Wi-Fi Protected Access).
  • WPA 2: WPA 2 is an upgraded form of WPA offering a higher level of security.
Security key

Allows the security key of the Wi-Fi network to be modified or displayed. Click on the button to the right of the field to display it. To modify the key, enter the new key in this field, then confirm it in the Confirm security key field. A progress bar will indicate the strength of the security key chosen.

AP Isolation This feature makes it possible to prohibit devices connected to the Wi-Fi network from communicating directly with one another without going through the firewall. This option is enabled by default in public Wi-Fi hotspot configurations.
However, it must be disabled for private Wi-Fi networks that link up, for example, workstations to a network-based printer connected by Wi-Fi.

Address range

Address range inherited from the bridge

When this option is selected, the interface becomes part of a bridge. Several parameters, such as the address range, will then be inherited from the bridge. This will unlock the Bridge field. Select the parent bridge of the interface in this field.

Dynamic / Static

Selecting this option indicates that the IP address of the interface is static. A grid appears, in which you must add the IP address and its subnet mask. Several IP addresses and associated masks can be added if aliases need to be created, for example. These aliases allow you to use the firewall as a central routing point. As such, an interface can be connected to various sub-networks with a different address range.

If you add several IP addresses (aliases) to the same address range, these addresses must all have the same mask. Reloading the network configuration will apply this mask to the first address and a /32 mask to the addresses that follow.