We are looking for a new firewall solution as our current one no longer does what we need.
I know Cisco seems to be the de facto standard, but it is horribly expensive and, through its popularity, does seem to be the target of hackers (like Windows), and I have seen a number of serious security flaws and vulnerabilities. In fact, the recent spate of cyber terrorist ARP network attacks would all have got through a Cisco, I am told, but our firewall held up as it was not vulnerable, probably due to it being a lesser-known brand.

So I am looking for alternatives to Cisco.
Primary requirements are:

1. simple to use web interface
2. API so we can integrate with our provisioning systems.
3. user/group/rules management so that we can allow customers to login and manage their own rules for their own servers.
4. VPN support, OpenVPN would be nice
5. 1 to 1 NAT

There is also one very specific feature I am searching for a solution to, I managed to do this on an ADSL router, so I presume it must be possible on a larger scale.
We want to be able to forward requests to an IP:port based on the host header rather than IP address to reduce dedicated IP usage for SSL.
So if we have a server with 100 websites all on the same IP, for any that use SSL we only have to put them on a static NAT IP rather than a static LIVE IP.
Hope that makes sense.
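The host-header forwarding described above is, for HTTPS, a routing-by-name problem: once the connection is encrypted the Host header is not visible to a firewall or NAT device, so the only name a forwarder can read before handing the connection on is the SNI hostname in the TLS ClientHello (the same field HAProxy, nginx stream and most modern firewalls switch on). The following is an added example, not code from this thread or from any firewall vendor, showing the mechanism end to end: it parses the ClientHello, looks the name up in a routing table, and splices the client to the chosen backend on a single shared public IP. The hostnames, backend addresses and the `build_client_hello` helper are constructed for illustration; connections whose SNI is unknown or missing are dropped rather than sent to a default host.

```python
"""Route TLS connections to a backend by the SNI name in the ClientHello.

Added example, not from the original forum post. Hostnames, backend
addresses and the sample ClientHello builder are constructed for illustration.
"""
import socket
import struct
import threading
from typing import Dict, Optional, Tuple

# Constructed routing table: SNI hostname -> backend (ip, port).
# All names share one public IP; only the ClientHello decides where to go.
ROUTES: Dict[str, Tuple[str, int]] = {
    "shop.example.com": ("10.0.0.5", 443),
    "mail.example.com": ("10.0.0.6", 8443),
}
DEFAULT_BACKEND: Optional[Tuple[str, int]] = None  # None -> drop unknown names


def extract_sni(data: bytes) -> Optional[str]:
    """Return the host_name from a TLS ClientHello, or None.

    Only the first record is inspected; a truncated, non-handshake or
    malformed record yields None instead of raising.
    """
    try:
        if data[0] != 0x16:                      # TLS handshake record
            return None
        rec_len = struct.unpack("!H", data[3:5])[0]
        hs = data[5:5 + rec_len]
        if hs[0] != 0x01:                        # ClientHello
            return None
        pos = 4 + 2 + 32                         # hs header, client_version, random
        pos += 1 + hs[pos]                       # session_id
        pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + hs[pos]                       # compression_methods
        ext_len = struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            ext_type, ext_size = struct.unpack("!HH", hs[pos:pos + 4])
            pos += 4
            if ext_type == 0x0000:               # server_name extension
                # layout: list_len(2) name_type(1) name_len(2) name
                if hs[pos + 2] != 0:             # 0 = host_name
                    return None
                name_len = struct.unpack("!H", hs[pos + 3:pos + 5])[0]
                return hs[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += ext_size
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None


def resolve_backend(client_hello: bytes) -> Optional[Tuple[str, int]]:
    """Map the ClientHello's SNI to a backend; missing or unknown name -> default."""
    name = extract_sni(client_hello)
    if name is None:
        return DEFAULT_BACKEND
    return ROUTES.get(name.lower(), DEFAULT_BACKEND)


def build_client_hello(hostname: str) -> bytes:
    """Construct a minimal ClientHello carrying the given SNI (sample input only)."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name
    sni_ext = (struct.pack("!HH", 0x0000, len(entry) + 2)
               + struct.pack("!H", len(entry)) + entry)
    body = (b"\x03\x03" + bytes(32)              # client_version, random
            + b"\x00"                             # empty session_id
            + b"\x00\x02\x13\x01"                 # one cipher suite
            + b"\x01\x00"                         # null compression only
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def serve(listen_addr: Tuple[str, int]) -> None:
    """Accept connections, peek at the ClientHello, and splice to the backend."""
    def pump(src: socket.socket, dst: socket.socket) -> None:
        try:
            while chunk := src.recv(65536):
                dst.sendall(chunk)
        finally:
            dst.close()

    def handle(client: socket.socket) -> None:
        hello = client.recv(16384, socket.MSG_PEEK)   # keep bytes for the backend
        backend = resolve_backend(hello)
        if backend is None:                           # unknown name: drop it
            client.close()
            return
        upstream = socket.create_connection(backend)
        threading.Thread(target=pump, args=(client, upstream), daemon=True).start()
        pump(upstream, client)

    with socket.create_server(listen_addr) as srv:
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()


if __name__ == "__main__":
    serve(("0.0.0.0", 443))   # one public IP fronting every name in ROUTES
```

Because the forwarder never decrypts anything, each backend still terminates its own certificate, which is what lets 100 sites sit behind one NAT IP without sharing a private key; the price is that a client which sends no SNI at all (very old browsers) cannot be routed and is refused here. Plain HTTP on port 80 is the same idea with the name read from the Host header instead of the ClientHello.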