At the minute I'm just using 2 standard broadband routers, but their firewall rules capabilities are limited. What I'm looking for is a firewall where I can say block all in / outbound connections except ... then list a range of rules. A bit like how windows firewall or zonealarm works only I want a device not a computer based solution. e.g. outbound port 80 all IPs outbound 3389 to [specific IP(s)] inbound 80 to [specific IP - NAT] Ideally it will allow me to specify an IP, a selection of IPs or a range. and handle my NAT/DHCP as with my router. The second firewall I use to segment my NAS / CCTV. So for this it ideally needs to have a high throughput. i.e. shoot for 1Gps. this device just needs simple filtering rules so that I can restrict traffic to simple ports and IP addresses. Would a managed switch do this? Given that this is a home/business setup ideally I'm looking at < £100 (150 USD), but that might limit the features especially on the throughput front so any guidance appreciated.