Configuring Wireless Network
The Device > Wireless page shows the wireless network settings (if applicable). 802.1x is supported.
You can configure your main wireless network and also additional guest or standard wireless networks (VAPs - Virtual Access Points).
- Guest wireless network - Uses hotspot by default and is unprotected by default (no password required).
- Standard wireless network - A protected wireless network that requires a password and does not use a hotspot by default.
To delete the wireless network, go to Device > Local Network.
If multiple wireless networks (VAPs) are defined, the page shows them in a table. You can add a new guest or standard wireless network and edit, delete, or disable existing ones. You can also clone an existing VAP.
Cloning a VAP
You cannot edit or change the main wireless network, and you cannot edit a VAP if it is the only one you have. However, if you clone your VAP, you can edit the clone.
To clone a VAP:
Select the relevant VAP and click Clone.
When you clone a VAP, it receives a new name, which is displayed in the table. The IP address and range of the clone are different from those of the original.
To edit a VAP:
- Double click the relevant VAP or select the VAP name and click Edit.
  The Edit window opens.
  Note - The wireless radio transmitter is the main VAP.
- In the Configuration tab, select the Wireless Security:
  - Protected network (recommended) – Enter the relevant information in the fields.
  - Unprotected network (not recommended)
To enable or disable the Wireless network:
- Move the slider to select the On or Off option. If you configured multiple VAPs, selecting Off turns them all off.
  Note - If you turn off the wireless radio and then turn it back on, the VAPs remain disabled. To enable the VAPs, you must select the relevant entries in the table and click Enable.
- To disable or enable the Wireless network, click Disable/Enable.
Wireless Scheduler
You can set scheduled times for the WiFi to be on and off and differentiate between radio bands (2.4GHz and 5GHz).
Use Case: Set the WiFi to work only during normal business hours and be off on weekends when the business is closed.
To enable the wireless scheduler:
- In the Wireless page, click Radio Settings.
  The Wireless Radio Edit window opens.
- Go to the Scheduler tab.
- Move the slider to ON to enable the wireless scheduler.
- For mode, select one of these options:
  - Active (Default) – The wireless network is active during the specified time windows. At all other times, the wireless network is inactive.
  - Inactive – The wireless network is inactive during the specified time windows. At all other times, the wireless network is active.
To add new schedule settings:
1. In the Wireless Radio Edit window, click New.
2. In the new window that opens, under Choose Time, select:
   - Start time.
   - End time.
3. Under Choose Days, select the specific days.
4. Click Apply.
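The two scheduler modes invert each other, so the same time windows give opposite results depending on the mode selected. The following added example (not Check Point code) models the mode semantics described above and computes how many hours per day the radio transmits. The Monday to Friday 08:00-18:00 window is a constructed schedule for the use case; the inclusive start, exclusive end, and no-midnight-crossing behavior are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta

DAYS = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")
WEEK_START = datetime(2024, 1, 1)  # a Monday, used only as a reference week


@dataclass(frozen=True)
class Window:
    days: frozenset  # "Choose Days"
    start: time      # "Start time"
    end: time        # "End time"

    def contains(self, when):
        # Assumption: start is inclusive, end is exclusive, and a window
        # does not cross midnight.
        return DAYS[when.weekday()] in self.days and self.start <= when.time() < self.end


def radio_is_on(mode, windows, when):
    """Apply the scheduler mode semantics described above to one instant."""
    in_window = any(w.contains(when) for w in windows)
    if mode == "Active":
        return in_window
    if mode == "Inactive":
        return not in_window
    raise ValueError(f"unknown scheduler mode: {mode!r}")


def on_hours_per_day(mode, windows):
    """Hours per weekday that the radio transmits, sampled every minute."""
    hours = {}
    for d, name in enumerate(DAYS):
        midnight = WEEK_START + timedelta(days=d)
        minutes = sum(radio_is_on(mode, windows, midnight + timedelta(minutes=m))
                      for m in range(24 * 60))
        hours[name] = minutes / 60
    return hours


# Constructed schedule for the use case above: Monday to Friday, 08:00-18:00.
BUSINESS_HOURS = [Window(frozenset(DAYS[:5]), time(8, 0), time(18, 0))]

if __name__ == "__main__":
    for mode in ("Active", "Inactive"):
        print(mode, on_hours_per_day(mode, BUSINESS_HOURS))
```

With these windows, Active mode leaves the radio off all weekend, while Inactive mode leaves it on all weekend and overnight, which is the opposite of the use case.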
To edit the radio settings:
- In the Wireless Radio Edit window, click the Settings tab.
- Select the correct Operation mode, Channel, Channel width, and Transmitter power.
- Click Advanced to set the Guard Interval and Antenna control.
- Click Apply.
This configuration is global for all wireless networks. Some options may not be available or allowed depending on your country's wireless standards.
1530 / 1550 appliances only: The wireless client search options depend on the frequency that the appliance is set to. The Check Point Appliance can be configured to only one frequency at a time and is set to 2.4 GHz by default. If you change the radio settings to 802.11 ac or 802.11 ac/n, the frequency automatically changes to 5 GHz. The Home > System page shows the wireless radio status.
1570 / 1590 appliances only: There are two radio transmitters: 2.4 GHz and 5 GHz. Each network is configured separately under a specified transmitter.
Dynamic Frequency Selection (DFS) detects radar signals that must be protected against interference from 5.0 GHz (802.11ac/n) radios. When these signals are detected, the operating frequency of the 5.0 GHz (802.11ac/n) radio switches to one that does not interfere with the radar systems. DFS is enabled by default.
To edit a wireless network:
Click Edit Settings.
The Edit window opens in the Configuration tab.
Configuration tab
Configure the fields in these tabs:
- Network name (SSID) - Enter a name for the wireless network or use the default name. This is the name shown to clients that look for access points in the transmission area.
- Use Hotspot - Select this checkbox to redirect users to the Hotspot portal before allowing access from this interface. Hotspot configuration is defined in the Device > Hotspot page.
Wireless Security
- Protected network (recommended) - This is the recommended wireless security setting.
  - Security type - Select the security technology used in your wireless network. WPA/WPA2 is the most compatible option. WPA2 is the most secure.
  - Encryption type - Select the encryption method.
  - Authenticate using - Select Password or RADIUS server (Enterprise mode) to determine how the users authenticate.
    The Password option allows a single password for all users. This option is known as WPA Personal.
    The RADIUS servers (Enterprise mode) option requires defining RADIUS servers in the Users & Objects > Authentication Servers page. Each user that tries to connect to the wireless network is authenticated through the RADIUS server. This option is also known as WPA Enterprise. The 802.1x standard is used when WiFi Authentication is set to RADIUS Server (Enterprise Mode).
  - Network password - When authenticating using a password, enter a password or click Generate for an automatically generated password.
    Show - To see the password, select this option. To hide it, clear the checkbox.
- Unprotected network (not recommended) - Without a password, any wireless client can connect to this network. This option is not recommended.
Advanced Settings
- Hide the Network Name (SSID) - When selected, this wireless network name is not automatically shown to users scanning for wireless networks. Users can still connect to the wireless network manually by adding the specified network name.
- Allow Station-to-Station Traffic - When selected, allows wireless stations on this network to communicate with each other. When cleared, traffic between wireless stations is blocked.
- Enable MAC address filtering - When selected, no wireless device is allowed to connect to the wireless network by default. To allow a specific device to connect, add a new MAC address to the table. Click New, enter the device's MAC address and click Apply.
Wireless Network tab
Interface Connection
Assigned to - Select Separate network or one of the existing configured networks. When selecting a separate network configure this information:
- IP address - IPv4 and IPv6 addresses
- Subnet mask - for IPv4 addresses
- Prefix length - for IPv6 addresses
DHCPv4 Server
Select one of the options:
- Enabled - Enter the IP address range and if necessary the IP address exclude range. The appliance's own IP address is automatically excluded from this range. You can also exclude or reserve specific IP addresses by defining network objects in the Users & Objects > Network Objects page. Reserving specific IP addresses requires the MAC address of the device.
- Relay - Enter the DHCP server IP address.
- Disabled
IPv6 Auto Assignment
Select one of the options:
- SLAAC (Stateless Address Autoconfiguration)
- DHCPv6 Server - Enter the IP address range and the IP addresses exclude range
- DHCPv6 Server Relay - Enter the DHCPv6 server IP address and the Secondary DHCPv6 server IP address
Access Policy tab
These options create automatic rules that are shown in the Access Policy > Firewall Policy page.
- Allow access from this network to local networks (Wireless network is trusted)
- Log traffic from this network to local networks
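The Configuration tab and Access Policy tab settings interact: an unprotected network that is also marked as trusted gets an automatic rule toward local networks. The following added example (not Check Point code) reviews a set of VAP settings for such combinations. The dictionary keys and finding names are hypothetical, chosen to mirror the WebUI fields on this page, and the sample VAPs are constructed.

```python
# Constructed sample settings. The dictionary keys are hypothetical names that
# mirror the WebUI fields on this page; they are not an appliance export format.
SAMPLE_VAPS = [
    {"ssid": "Office", "protected": True, "security_type": "WPA2", "auth": "radius",
     "hotspot": False, "station_to_station": True, "trusted": True,
     "hide_ssid": False, "mac_filtering": False},
    {"ssid": "Office-Legacy", "protected": True, "security_type": "WPA/WPA2",
     "auth": "password", "hotspot": False, "station_to_station": True,
     "trusted": True, "hide_ssid": False, "mac_filtering": False},
    {"ssid": "Guest", "protected": False, "security_type": None, "auth": None,
     "hotspot": True, "station_to_station": True, "trusted": True,
     "hide_ssid": True, "mac_filtering": False},
]


def audit_vap(vap):
    """Return a sorted list of finding IDs for one VAP's settings."""
    findings = set()
    if not vap["protected"]:
        findings.add("UNPROTECTED")               # any wireless client can connect
        if not vap["hotspot"]:
            findings.add("OPEN_WITHOUT_HOTSPOT")  # no portal before access
        if vap["trusted"]:
            findings.add("OPEN_AND_TRUSTED")      # automatic rule reaches local networks
        if vap["station_to_station"]:
            findings.add("OPEN_CLIENT_TO_CLIENT") # stations can reach each other
        if vap["hide_ssid"] or vap["mac_filtering"]:
            findings.add("OBSCURITY_ONLY")        # neither adds a password or encryption
    else:
        if vap["security_type"] == "WPA/WPA2":
            findings.add("MIXED_WPA_MODE")        # page: WPA2 is the most secure
        if vap["auth"] == "password" and vap["trusted"]:
            findings.add("SHARED_PASSWORD_TRUSTED")  # one password for all users
    return sorted(findings)


def audit(vaps):
    """Map each SSID to its findings so the result can be reviewed or diffed."""
    return {vap["ssid"]: audit_vap(vap) for vap in vaps}


if __name__ == "__main__":
    for ssid, findings in audit(SAMPLE_VAPS).items():
        print(f"{ssid}: {', '.join(findings) or 'no findings'}")
```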
Advanced tab
Click the checkbox to exclude from DNS proxy.
Advanced IPv6 Settings
Configure the Router Advertisement fields.
DHCP\SLAAC Settings tab
Note - In IPv4-only mode, this tab is called DHCPv4 Settings.
The values for the DHCP options configured on this tab will be distributed by the DHCP server to the DHCP clients.
DNS Server Settings (For DHCPv6/SLAAC)
Select one of these options:
- Auto - Use the DNS configuration of the device
- Use the following IP addresses - Enter the first, second and third DNS servers
DNS Server Settings (For DHCPv4)
These settings are effective only if a DHCPv4 server is enabled.
- Auto - This uses the DNS configuration of the appliance as configured in the Device > DNS and Device > Internet pages.
- Use the following IP addresses - Enter the IP addresses for the First DNS server, Second DNS server, and Third DNS server.
Default Gateway
Select one of these options:
- Use this gateway's IP address as the default gateway.
- Use the following IP address - Enter an IP address to use as the default gateway.
WINS
Select one of these options:
- Use the WINS servers configured for the internet connection
- Use the following WINS servers - Enter the IP addresses of the First and Second WINS servers.
Lease
Lease time - Configure the timeout in hours for a single device to retain a dynamically acquired IP address.
Other Settings
You can optionally configure these additional parameters so they will be distributed to DHCP clients:
- Time servers
- Call manager
- TFTP server
- TFTP boot file
- X Window display manager
- Avaya IP phone
- Nortel IP phone
- Thomson IP phone
Custom Options
Lets you add custom options that are not listed above. For each custom option, you must configure the name, tag, type, and data fields.
When you finish editing the network, click Apply.