Configuring Wireless Network

The Device > Wireless page shows the wireless network settings (if applicable). You can configure your main wireless network and also additional guest or standard wireless networks (VAPs - Virtual Access Points).

  • Guest wireless network - Uses hotspot by default and is unprotected by default (no password required).

  • Standard wireless network - Is a protected wireless network that requires a password and does not use a hotspot by default.

To delete the wireless network, go to Device > Local Network.

If multiple wireless networks (VAPs) are defined, the page shows them in a table, where you can add a new guest or standard wireless network and edit, delete, or disable existing ones.

To turn the Wireless network on or off:

  • Move the slider to select the On or Off option. If you configured multiple VAPs, selecting Off turns them all off.
    Note- If you turn off the wireless radio and then turn it back on, the VAPs remain disabled. To enable the VAPs, you must select the relevant entries in the table and click Enable.

  • To disable or enable the Wireless network, click Disable/Enable.

To edit the radio settings:

  1. Click Radio settings.

  2. Select the correct Operation mode, Channel, Channel width, and Transmitter power.

  3. Click Advanced to set the Guard Interval and Antenna control.

  4. Click Apply.

    This configuration is global for all wireless networks. Some options may not be available or allowed depending on your country's wireless standards.

    1550 appliances only: The wireless client search options depend on the frequency that the appliance is set to. The Check Point Appliance can be configured to only one frequency at a time and is set to 2.4 GHz by default. If you change the radio settings to 802.11 ac or 802.11 ac/n, the frequency automatically changes to 5 GHz. The Home > System page shows the wireless radio status.

    1590 appliances only: There are two radio transmitters: 2.4 GHz and 5 GHz. Each network is configured separately under a specified transmitter.

Dynamic Frequency Selection (DFS) detects radar signals that must be protected against interference from 5.0 GHz (802.11ac/n) radios. When these signals are detected, the operating frequency of the 5.0 GHz (802.11ac/n) radio switches to one that does not interfere with the radar systems. DFS is enabled by default.

To edit a wireless network:

Click Edit Settings.

The Edit window opens in the Configuration tab.

Configuration tab

Configure the fields in these tabs:

  • Network name (SSID) - Enter a name for the wireless network or use the default name. This is the name shown to clients that look for access points in the transmission area.

  • Use Hotspot - Select this checkbox to redirect users to the Hotspot portal before allowing access from this interface. Hotspot configuration is defined in the Device > Hotspot page.

Wireless Security

  • Protected network (recommended) - This is the recommended wireless security setting.

  • Security type - Select the security technology used in your wireless network. WPA/WPA2 is the most compatible option. WPA2 is the most secure.

  • Encryption type - Select the encryption method.

  • Authenticate using - Select Password or RADIUS server (Enterprise mode) to determine how the users authenticate.

    The Password option allows a single password for all users. This option is known as WPA Personal.

    The RADIUS servers(Enterprise mode) option requires defining RADIUS servers in the Users & Objects > Authentication Servers page. Each user that tries to connect to the wireless network is authenticated through the RADIUS server. This option is also known as WPA Enterprise.

  • Network password - When authenticating using a password, enter a password or click Generate for an automatically generated password.

    • Show - To see the password, select this option. To hide it, clear the checkbox.

  • Unprotected network (not recommended) - Without a password, any wireless client can connect to this network. This option is not recommended.

Advanced Settings

  • Hide the Network Name (SSID) - When selected, this wireless network name is not automatically shown to users scanning for them. Connecting to the wireless network can be done manually by adding the specified network name.

  • Allow Station-to-Station Traffic - When selected, allows wireless stations on this network to communicate with each other. When cleared, traffic between wireless stations is blocked.

  • Enable MAC address filtering - When selected, by default, all wireless devices are not allowed to connect to the wireless network. To allow a specific device to connect, add a new MAC address to the table. Click New, enter the device's MAC address and click Apply.

Wireless Network tab

Interface Connection

  • Assigned to - Select Separate network or one of the existing configured networks. When selecting a separate network configure this information:

    • IP address - IPv4.

    • Subnet mask - for IPv4 addresses

DHCPv4 Server

Select one of the options:

  • Enabled - Enter the IP address range and if necessary the IP address exclude range. The appliance's own IP address is automatically excluded from this range. You can also exclude or reserve specific IP addresses by defining network objects in the Users & Objects > Network Objects page. Reserving specific IP addresses requires the MAC address of the device.

  • Relay - Enter the DHCP server IP address.

  • Disabled

Access Policy tab

These options create automatic rules that are shown in the Access Policy > Firewall Policy page.

  • Allow access from this network to local networks (Wireless network is trusted)

  • Log traffic from this network to local networks

Advanced tab

Click the checkbox to exclude from DNS proxy.

DNS Server Settings (For DHCPv4)

These settings are effective only if a DHCPv4 server is enabled.

  • Auto - This uses the DNS configuration of the appliance as configured in the Device > DNS and Device > Internet pages.

  • Use the following IP addresses - Enter the IP addresses for the First DNS server, Second DNS server, and Third DNS server.

Default Gateway

Select one of these options:

  • Use this gateway's IP address as the default gateway.

  • Use the following IP address - Enter an IP address to use as the default gateway.

WINS

Select one of these options:

  • Use the WINS servers configured for the internet connection

  • Use the following WINS servers - Enter the IP addresses of the First and Second WINS servers.

Lease

  • Lease time - Configure the timeout in hours for a single device to retain a dynamically acquired IP address.

Other Settings

You can optionally configure these additional parameters so they will be distributed to DHCP clients:

  • Time servers

  • Call manager

  • TFTP server

  • TFTP boot file

  • X-Windows display manager

  • Avaya IP phone

  • Nortel IP phone

  • Thomson IP phone

Custom Options

Lets you add custom options that are not listed above. For each custom option, you must configure the name, tag, type, and data fields.

When you finish editing the network, click Apply.