"Brian Kelsay" <bkelsay at comcast.net> wrote: > When you build your firewall, choose one that has a built-in DMZ capability. > This is where your external webserver, ftp, etc. servers go. On my firewall ... and put the WAP in the DMZ. Let encrypted traffic tunnel into your VPN - assume that anything else coming into the WAP could be from a cracker.