My wireless users are on a vlan. But the problem is currently they can access my internal network and I'd like to block that. I am not sure how I will accomplish this. The wireless users are connected to the APs and they are communicating with a controller. I was thinking may be this is the job of the firewall. But the wireless vlan is on the core and the core is doing the routing. So I am not sure how this will be done because the traffic will be routed before it hits the fw. So I am not sure how this will be accomplished.
Below is the high level setup. The internal network is not shown but it is connecting to the L2 switch.
fw<-->L3 WAN switch<-->core1<-->L2 switch<-->Meru controller