I have two incoming Internet connections connected to a Netscreen firewall (#1 and #2). I have IAP-115s with a guest network and controller-assigned IPs. I would like all traffic on the guest network to be directed to one connection (#2), while the employee SSID (which has network-assigned DHCP) continues as normal (connection #1).


So, the question is: is it possible to force all traffic on the guest SSID to a single IP as its next-hop router? That way, any guest traffic gets directed to port #2 on the firewall. Or is it possible to have all traffic from the guest SSID come from a single IP (but not the virtual controller address)?

It would probably be best to have your client L3s in your firewall and trunk down to the APs. Then you can control routing on your firewall.

