Small Form Factor Firewall

Does anyone make a small form factor firewall that is manageable by a web
interface, with a rule based configuration similar in principle to
Checkpoint's, but is designed for individual computers or a very small
network? I'm interested in possibly putting a few of these in front of key
network management stations. Because of rootkit viruses, I no longer
believe that in what a software firewall's logs tell me. The rootkit can
simply hide network activity in the kernel and report back only what it
wants you to see. Because I would use these firewalls one per workstation,
I don't want to be spending $1K or $2K per box.

Some very desirable features:

1) A hard lockout on the firewall that would prevent any configuration
changes or administrative logins unless a button or knob were pressed.
Having a hard-wired read-only mode would prevent a trojan that sniffs your
keystrokes from doing much of use with the userid and password of the
external firewall.

2) Low cost, under $500/firewall.

3) GigE Support. These are being used on an internal network and I don't
want to sacrifice speed.

4) Support for mail alerts as well as alerting back to a GUI gadget on the
Windows desktop.

Are there any good options for this product?