Does anyone make a small form factor firewall that is manageable by a web interface, with a rule based configuration similar in principle to Checkpoint's, but is designed for individual computers or a very small network? I'm interested in possibly putting a few of these in front of key network management stations. Because of rootkit viruses, I no longer believe that in what a software firewall's logs tell me. The rootkit can simply hide network activity in the kernel and report back only what it wants you to see. Because I would use these firewalls one per workstation, I don't want to be spending $1K or $2K per box.
Some very desirable features:
1) A hard lockout on the firewall that would prevent any configuration changes or administrative logins unless a button or knob were pressed. Having a hard-wired read-only mode would prevent a trojan that sniffs your keystrokes from doing much of use with the userid and password of the external firewall.2) Low cost, under $500/firewall.
3) GigE Support. These are being used on an internal network and I don't want to sacrifice speed.4) Support for mail alerts as well as alerting back to a GUI gadget on the Windows desktop.
Are there any good options for this product?