Creating or modifying a Wi-Fi interface (WLAN)

Interfaces corresponding to the firewall's access points (WLAN) are listed in the left section of the Interfaces window. Select an interface in order to modify its parameters. A tab will appear:

“General configuration” tab


ON / OFF Set the switch to ON / OFF to enable/disable the WLAN interface.
Disabled interfaces cannot be used. You can disable interfaces that are not yet active, but which you intend to use in the future. An interface which has been disabled because it is not in use is an additional security measure against intrusions.

General Settings

Name (mandatory) Name given to the WLAN interface. (See warning in the introduction to the section on Interfaces)
Comments Allows you to enter comments regarding the interface.
This interface is An interface can either be “internal (protected)” or “external (public)”.
If you select “internal (protected)”, you are indicating that this interface is protected. This protection includes remembering machines that have logged on to this interface, conventional traffic security mechanisms (TCP) and implicit rules for services offered by the firewall such as DHCP (see the section Implicit rules). Protected interfaces are represented by a shield ().
If you select “external (public)”, you are indicating that this part of the network is linked up to the internet. In most cases, the external interface, linked up to the internet, has to be in external mode. The shield icon disappears when this option is selected.


Network name Enter the name assigned to the Wi-Fi network that the firewall manages (SSID).
Authentication Select one of the three authentication mechanisms that enable connections to the Wi-Fi network that the firewall manages:
  • Open network (no authentication).
    Note that when this option is selected, the Security key field will become inactive (grayed out).
  • WPA (Wi-Fi Protected Access).
  • WPA 2 (WPA 2 is an upgrade to WPA offering a higher level of security).
Security key
  1. Enter the security key (password) needed for logging on to the Wi-Fi network.
  2. Confirm security key.
    A progress bar will indicate the strength of the security key chosen.
AP Isolation This feature makes it possible to prohibit devices connected to the Wi-Fi network from communicating directly with one another without going through the firewall.
It is enabled by default (in public Wi-Fi hotspot configurations).
However, it must be disabled for private Wi-Fi networks that link up, for example, workstations to a network-based printer connected by Wi-Fi.

Address range

Address range inherited from the bridge If the interface is part of a bridge, the address range of the bridge can be retrieved. When this checkbox is selected, a Bridge field makes it possible to select the parent bridge of the interface.
Dynamic / Static Select this checkbox if the IP address of the interface must be static.
When it is selected, the IPv4 address field will appear; you can then choose this address type.

Here, several associated IP addresses and network masks may be defined for the same interface (therefore the need to create aliases, for example). These aliases may allow you to use this Stormshield Network firewall as a central routing point. As such, an interface can be connected to various sub-networks with a different address range. To add or remove them, simply use the Add and Delete buttons located above the fields in the table.

Several IP addresses (aliases) can be added in the same address range on an interface. In this case, these addresses must all have the same mask. Reloading the network configuration will apply this mask on the first address and a mask /32 on the following addresses.

WLAN interfaces cannot be added or deleted.