Not yet, still in software.

I've got an Edgerouter X SFP which will do VLANs and 300 fibre fine in a nice tidy box. Message if interested.

RunningMan:

 

Not yet, still in software.

 

Apart from Switching pretty much everything is CPU based on a Mikrotik, This is fine as long as you get the device to suit your throughput so its not really an issue I would suggest.

nztim:

 

All these devices require securing, so make sure you know what you are doing

 

Yep, if the average person takes the Mikrotik default config/firewall and they just modifies to suit they are golden. If someone who does not know how to use them thinks they can start with a blank config then we have an issue.

noroad:

 

Yep, if the average person takes the Mikrotik default config/firewall and they just modifies to suit they are golden. 

 

That is not entirely true

For example, the default mikrotik config is setup for DHCP on untagged VLAN on ether1 if you move to PPPoE (tagged or untagged) or DHCP on VLAN10 and don't modify the rules to secure VLAN10 or a PPPoE interface you leave a big gaping hole

nztim:

 

 

 

That is not entirely true

 

For example, the default mikrotik config is setup for DHCP on untagged VLAN on ether1 if you move to PPPoE (tagged or untagged) or DHCP on VLAN10 and don't modify the rules to secure VLAN10 or a PPPoE interface you leave a big gaping hole

 

 

 

Fair enough, all though A DHCP server facing the LFC/ISP is extremely unlikely to be exploited to be fair.

noroad:

 

Fair enough, all though A DHCP server facing the LFC/ISP is extremely unlikely to be exploited to be fair.

 

Referring to DHCP Client

nztim:

 

That is not entirely true

 

For example, the default mikrotik config is setup for DHCP on untagged VLAN on ether1 if you move to PPPoE (tagged or untagged) or DHCP on VLAN10 and don't modify the rules to secure VLAN10 or a PPPoE interface you leave a big gaping hole

Also not entirely true. This only applies to low end/consumer routers. Others have no config to speak of and you need to start from scratch.

noroad:

 

RunningMan:

 

Not yet, still in software.

 

 

Apart from Switching pretty much everything is CPU based on a Mikrotik, This is fine as long as you get the device to suit your throughput so its not really an issue I would suggest.

 

(... without mentioning Manual:IP/IPsec - MikroTik Wiki and L3 Hardware Offloading - RouterOS - MikroTik Documentation which won't be relevant to the OP)

RunningMan:

 

Also not entirely true. This only applies to low end/consumer routers. Others have no config to speak of and you need to start from scratch.

 

If you are configuring any enterprise or service provider router without knowing what you are doing you clearly have larger issues

Thank you again everyone for the suggestions and offers. I need to take a little bit of time to work through what is a good solution for me, and then I will be in touch with those who have made offers either one way or the other. 

I use one of these, works great with 1gig fibre

https://www.tp-link.com/au/business-networking/omada-sdn-router/er605/

Another well priced option is the Grandstream GWN7001/7002/7003.

Ranging in price from $93+gst to $153+gst for the GWN7003, all via www.gowifi.co.nz 

All support 1G fibre, and all support VLAN's, up to 16 for the 7001/7002, and 32 for 7003.
https://documentation.grandstream.com/knowledge-base/gwn700x-user-guide/#technical-specifications

I run 2 x 7003s, in two separate locations (one on 1G fibre, other on 4G data) with a site to site vpn between.
User friendly UI, reliable, and much improved compared to grandstream's older gwn7000 model from a few years ago (which suffered from minimal updates).