First thing I would do is <b>change from WEP to WPA</b>, it is <b>MUCH</b> stronger protection, and does not have the vulnerabilities of WEP. That alone will secure the wireless network.
Putting a firewall between the wireless and wired networks is perfectly feasable. If in ‘normal’ mode then the wireless network will be one subnet, and the wired network a differnet subnet, and the firewall routes between them. Some firwalls can also work in transparent mode, which means that the wireless and wired networks are on the same subnet, and the firewall operates at layer 2.
However, I am not sure what you think the firewall will do for you. Unless it also has virus/trojan/malware scanning capability, and the wireless clients are thought to be likely to be infected from connection to other networks, then the firewall is not really going to increase the security of your network (providing you changed to WPA from WEP).
The firewall restricts what can be accessed. In normal deployment, it sits between your network and the Internet, and allows you to access anything on the Internet, remembers what conversations you are having, and allows back the replies. What it stops is anything initiated from the Internet back to you, unless you make exceptions in the rules, such as when you host a webserver, or mailserver. That is how it protects your network, so putting it between a trusted wireless and trusted wired networks is not a particularly good place for it to go.
I cannot stress this enough. <b>CHANGE FROM WEP TO WPA</b>. Then you can sleep easy in your bed at night, and all the paranoia will go 🙂
Discuss This Question: 2  Replies