What sort of switch are these APs connected to?

Aaron T. Rohyans
Senior Network Engineer
CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, JNCIA-ER
DPSciences Corporation
7400 N. Shadeland Ave., Suite 245
Indianapolis, IN 46250
Office: (317) 348-0099
Fax: (317) 849-7134
arohy...@dpsciences.com
http://www.dpsciences.com/

"I want an Anti-Virus system that sends Arnold back in time to kill the hacker as a small child before he invents the virus..."
"There are 10 kinds of people in this world... those who can read binary, and those who can't"

-----Original Message-----
From: Angus Scott-Fleming [mailto:angu...@geoapps.com]
Sent: Wednesday, December 16, 2009 3:26 PM
To: NT System Admin Issues
Subject: Re: Protecting LAN access from Wireless Access points

On 16 Dec 2009 at 16:03, Mark Robinson wrote:

> Hi,
>
> I currently have two wireless access points that provide wireless
> access to the corporate LAN in two meeting rooms. To satisfy PCI compliance,
> I need to install a firewall between each access point and the LAN and only
> allow traffic from our corporate IP range through to the LAN. Has anyone done
> this before, and can you recommend any firewalls that will do the job? I have
> installed Smoothwall onto a PC and played around with it but I'm not sure if
> it's the best solution for what I need.
>
> Thanks,
> Mark

Smoothwall will do the job, as will IPcop (a fork of Smoothwall which I prefer) and pfSense and most other FLOSS firewall distros.

In IPCop you would set up a RED - BLUE - GREEN network with 3 NICs, RED being the Internet, GREEN being the LAN and BLUE being the WAPs. I have this at one of my sites. My green LAN is 10.79.2.x while my blue LAN uses 192.168.79.x. The blue LAN can only see the gateway, they don't even know about the 10.79.2.x space. IPcop can provide DHCP services for the blue LAN as well as for the green LAN.

http://ipcop.org/

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+-----------------------------------+

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
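
The BLUE/GREEN separation described in the thread can be checked on paper before it is deployed. The following is an added example, not part of the original messages and not IPCop's own code: a first-match model of the forwarding policy with an audit that flags any BLUE-to-internal flow the rules would forward. The /24 masks, the gateway address 192.168.79.1, Internet access for BLUE, unrestricted GREEN traffic and all function names are assumptions.

```python
"""First-match model of the BLUE/GREEN segmentation described in the thread."""
from ipaddress import ip_address, ip_network

GREEN = ip_network("10.79.2.0/24")       # LAN range from the post (/24 assumed)
BLUE = ip_network("192.168.79.0/24")     # WAP range from the post (/24 assumed)
BLUE_GW = ip_network("192.168.79.1/32")  # assumed firewall address on BLUE
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = ip_network("0.0.0.0/0")

# Ordered rules: (source, destination, action). The first match wins.
RULES = [
    (BLUE, BLUE_GW, "allow"),  # wireless clients may reach the gateway
    (BLUE, GREEN, "deny"),     # never forwarded into the LAN
]
RULES += [(BLUE, net, "deny") for net in RFC1918]  # no other internal space
RULES += [
    (BLUE, ANY, "allow"),      # assumed: BLUE may go out via RED
    (GREEN, ANY, "allow"),     # assumed: LAN-initiated traffic is unrestricted
]

def decide(src, dst, rules=RULES):
    """Return 'allow' or 'deny' for one flow; unmatched flows are denied."""
    s, d = ip_address(src), ip_address(dst)
    for src_net, dst_net, action in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def audit(rules=RULES):
    """List internal destinations a BLUE client could reach (should be empty)."""
    client = str(BLUE[50])  # constructed sample wireless client
    probes = [GREEN[10], GREEN[-2], ip_address("10.0.0.5"), ip_address("172.16.1.1")]
    return [str(dst) for dst in probes if decide(client, str(dst), rules) != "deny"]

if __name__ == "__main__":
    print("leaks with ordered rules:", audit())
    misordered = [(BLUE, ANY, "allow"), (BLUE, GREEN, "deny")]
    print("leaks with broad allow first:", audit(misordered))
```

Rule order matters in a first-match policy: putting the broad BLUE allow ahead of the deny rules makes every probe in the audit leak.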