It’s not so much what firewall you pick, but how you configure it and how you handle the wireless access (encryption, VPN, etc).
I would strongly suggest you place all your wireless clients and access points in a DMZ well separated from your LAN. This way you can decide what they are allowed to do. And you never know, your existing firewall (you do have a firewall, don’t you?!) may already have a DMZ port which you could use for that purpose.