Small Switch With One Promiscious Port Multiple Private Ports

Does anyone make a small switch (six to 16 ports) that has one or two
promiscuous ports (for connection to a router or firewall), and the
remaining ports all implemented as private ports that cannot pass any layer
2 information between them? The application for this is DMZ segments of a
firewall, where you want to enforce a policy that all traffic on the DMZ
must pass through the firewall, and no activity between machines within a
DMZ segment is allowed.

I realize you can do this with some Cisco switches in a VLAN, but I would
prefer to find a product that is shrink wrapped to the application, and I
strongly prefer to have physical separation of each DMZ segment to a
separate switch.

--
Will