Scott,
You could purchase a firewall - but generally guest WLAN's are unsecure and no-one really cares. The only thing you want to do is protect your internal network from the Guest WLAN.
What I would do is just write an ACL in the controller - the ACL would limit what Guest WLAN traffic could do:-
Allow ICMP echo & echo-reply only
Allow DNS
Deny any other 1918 traffic to/from the Guest WLAN
Allow everything else.
Create a specific VLAN just for the Guest WLAN, trunk this to the ADSL router, then it's all good.
HTH>