Evening everyone,

Trying to come up with a solution for a friend of mine with a guest house.  Had the classic thing where he was just sharing his home network connection with guests of a separate access point thinking wireless isolation was protecting was doing its job.  Off course as soon as that traffic hit the LAN they could see his network.  So the plan was to put a security device in the mix so we dont have to reinvent the wheel.  Have done this before with a transparent firewall and seeing will the ER605 be suitable for what i need.  So what i would like is:

AP----------ER605 (Dhcp Server 192.168.1.128/25)---------LAN Switch (all home client devices)--------Fibre Router (DHCP Server 192.168.1.1/25)

Would want a rule on the ER605 denying access to the 192.168.1.1/25 from the 192.168.1.128/25 range followed by a rule allowing the 192.168.1.128/25 out the internet.

Would this be possible?

Thanks in advance