I would like to add public wireless access points through our building for private parties and individuals to use our internet connection. However, I do not want to put these people directly on our LAN and share the same address space.
I also realize somebody has to hand out IP addresses for these wireless victims. I don't want my Domain Controller doing this...
My question is, not only I don't want to share the same address space, I do not want to share the same "wire". So, are my choices correct:
A.) get a firewall that supports at least 3 Fast Ethernet ports (1 to Gateway router, 1 to Private LAN, 1 to Public Wireless Lan)
B.) get a firewall that supports 2 ports (1 to Gateway Router, 1 to Private LAN). Then take another router and place it from the Private LAN to the Public Wireless LAN?
C.) Put a HUB between the Gateway Router and a 2 port firewall. Then connect the public people at the hub with another router.
Option A is more expensive, firewall's with more ports seem to be $2500++
Option B seems like it would be quite easy, but am I missing anything in my security thought process?
The moral of this story is:
I need to buy a firewall. I'm budgeted for a PIX 506. Can I accomplish what I need to do with a 506 without jumping to a 515?
Thank you in advance,