RE: Good Wireless Firewall/Router?

["Hayes, Ian" <Ian.Hayes () wynnlasvegas com>]

> -----Original Message-----
> From: astalavista.box.sk () gmail com
[mailto:astalavista.box.sk () gmail com]
> Sent: Tuesday, October 18, 2005 6:55 AM
> To: security-basics () securityfocus com
> Subject: Good Wireless Firewall/Router?
>
> This is for a home implementation...
>
> My goal is to allow wireless LAN users that connect to an AP to go out
to
> the internet but have no ability at all to connect to any of the
servers
> plugged into the wired ports on the AP/Router.  What is the cheapest
way
> to get this done with hardware?
>
> I am thinking I either need a lniksys type wireless router that
supports
> ACLs between wireless and wired or just allows me to put ACLs on ports
>
> Or some small linksys type router/AP that can treat wireless users as
> though they are in a DMZ (allow only outbound while allowing internal
> hosts outbound and to DMZ)
>
> I dont have a spare PC lying around that is quiet enough for me to
want it
> in my room running 24x7 or I would just do some sort of linux FW...and
a
> netscreen or 506 are gonna be too $$$$ so I am hoping linksys or
netgear
> or someone offers this....any ideas?


Are you sure that you looked at the right Netscreen product? They have a
new 5GT with a wireless AP built into it that will do precisely this.
They should cost under $1000. If that's too much, you can pick up a
cheap firewall/router that has a DMZ security zone and stick an AP on
it. You'll have to watch how the manufacturer defines what a DMZ is-
definitions vary from vendor to vendor. I've seen one that considered
portfowarding all ports to one IP to be a DMZ.

--
Ian Hayes | Senior Systems Engineer
Wynn Las Vegas
3131 South Las Vegas Blvd, Las Vegas, NV 89109
Ph (702) 770-3252 | Cell (702) 266-6002
Ian.hayes () wynnlasvegas com