Yes, find someone who knows something about networking and more importantly about firewalls Try someone who has a CCSP or CCIE:Security as part of their title. Some of the things you are talking about have existed for years on Cisco Pix and ASAs like downloadable ACLs (Where based on your credentials you get firewalled differently) which can be applied across a whole enterprise of firewalls. Dynamic inspection of traffic, like h.323 traffic, so you don't have to open a whole range of ports other than the signalling port.
Dear lord, gui based management of a fleet of firewalls? You want to drag and drop things and make magic happen when you do that? Sounds pretty reckless and dangerous to me. That's like saying because you can ride a bicycle, you should be allowed to drive a hazmat semi at top speed through downtown LA. If you don't understand what the rules are and how they will be applied in the first place, you are likely just going to cause problems (like accidentally shutting off your company's ability to sell their trinkets online because you locked it down on accident.)
By the way, I don't care what the kid from the nerd herd tells you, Belkin and Linksys do not sell firewalls. They sell quasi-routers with nat and some limited form of access control. Finally, UPnP is not the answer to your problem, that just makes it easy for people to put devices on your network to open security holes up in your firewall, which is why it's not supported on most enterprise grade firewalls (and wouldn't work anyway if you looked at the way most enterprises build their networks)