I'm looking for an external firewall recommendation for a client who wishes to support both a (small) SBS LAN and a separate guest VLAN, for both Ethernet and WiFi access. The firewall should provide VLAN support, multiple-SSID WiFi and DHCP for the guest VLAN, but not the SBS LAN. My full list of requirements is given below.
It is easy enough to fulfill all the requirements with multiple devices (with a separate WiFi router for the guest VLAN, hung off the main firewall), but the client would like to minimize number of the WiFi signals (hence the need for a single device with multiple WiFi SSID support).
The problem is that most firewall vendors' sites do not contain sufficient detail to make an informed decision, so I am looking for other people's experiences with various devices. Here is the full list of requirements:
- Dual WAN ports (either 1 ADSL and 1 Ethernet, or both Ethernet), with load-balancing and/or fail-over.
- SPI, DoS defence and NAT (with port forwarding, DMZ).
- At least one GB Ethernet port, preferably more (but one GB with 3 10/100 ports will suffice).
- VLANs (port-based and WiFi VLAN and/or separation).
- WiFi g/n, with multiple SSID support.
- Different security per SSID: WPA/2 + RADIUS for SBS LAN, WPA/2-PSK, etc.
- Dual subnets, with Dual DHCP servers that can be allotted to VLANs.
- VPN support: site-to-site, PPTP, L2TP/IPSec, pass-through. 5 tunnels should suffice.
VoIP (SP) support would be a nice-to-have, but optional, as would QoS. I'm not looking for a UTM device at this time. Any feedback will be appreciated. TIA.
|