Sunday, August 25, 2019

Recommend edge/switch/WAPs distributed small office

First post here.

We're a small TV/Film post-production group. We've been getting by with SoHo and consumer hardware, but I think we need to invest in some more enterprise-level infrastructure now for reasons of security, performance, and ease of management. I've read about many different brands and others' posted opinions, and it all leaves my head spinning. I'm trying to find what is right for us.

I realize there's a ton of "what do you recommend" posts already, but I feel like none of them quite fit our situation. I'll probably reveal how little I know with this post, but I've gone about as far as reading can take me without some human help.

Background

We work with intellectual property, so I've always been worried that our security isn't robust enough. Besides that, we're now adding some remote workers in other cities, and so we need to extend an always-on VPN to them with good performance and not compromise security in doing so. We also have team members traveling more, so want to have a good VPN solution they can take with them on the road.

Additionally, our customers have urged us to give them on-demand access to client data so they can help themselves to it, which would likely take the form of a self-hosted solution like NextCloud on premises, or else mirroring data to something like Backblaze.

We're self-supporting power users without an IT staff. I'm the savviest, with a background in IT as it was my first career (but from a long time ago - I've devolved into a glorified power user now). So it falls to me to design/build/deploy/maintain whatever our solution is. There's also a ton of reluctance to move away from this low-overhead model, so costly integrators, support contracts, subscription fees, etc., are not likely to get a consensus nod. I know all the arguments about what our downtime is worth, etc., but I'm not the one to convince on that front. Our group is willing to make some up-front investment, but strongly dislikes the commitment of ongoing fees unless it's something very modest (a few hundred a year is OK, but they are not going to spend thousands).

Current Setup

Main Office

  • 5 power users doing editing / color grading / VFX
  • Up to a dozen freelancers who sometimes come on to do additional VFX / editing
  • NAS and workstations connect over 10GbE to a Netgear X7S16T-100NES switch
  • Other clients and low bandwidth devices connect to a 1GbE Netgear M4100-D12G switch
  • 1Gb ISP connection
  • Asus RT-AC5300 is our edge router and WAP, with both switches connecting to it.
  • We run the firewall in the Asus, as well as that built-in to Windows on each client.
  • FTP is used to send/receive files to collaborators and clients, or we ship on a hard drive if it's >500GB or so
  • OpenVPN is used for remote connection

Remote Office (#1 and #2, both the same)

  • A couple of Windows workstations with Windows firewall turned on
  • DAS for a local cache of files
  • 1Gb ISP connection
  • Asus RT-AC5300 as gateway and WAP
  • OpenVPN (not always on, start it when needed)

What do we need?

I'm looking for a recommendation of the whole stack. The main edge device, the switches and WAPs, the remote edge device / switch / WAP, whatever kit we might take with us while traveling and working remote (unless it's a software-only solution), etc. I'm OK throwing out what we've got, if that makes sense.

My "dream" solution, as far as I can determine, would be something like this:

  • User-friendly GUI interface, easy for me to understand, that integrates all the management into a single pane of glass.
  • Straightforward initial setup. I should be able to get it up and running in a week or less, including whatever necessary study, or else it's too complex.
  • Low maintenance. I don't want to spend more than an hour or so a week maintaining this.
  • Smart enough to stay updated against threats, proactively alert me, etc., without me having to be a security expert or monitor it constantly.
  • NGFW that could throughput 1Gb symmetrical performance from main office with VPN, DPI, IPS, and QoS all turned on (assuming I need all these to be secure?)
  • Upgrade path to higher performance (i.e. 10Gb) on the NGFW if/when we upgrade our ISP service
  • Dual ISP support (aggregate performance, QoS, high-availability, etc.)
  • 3-5 WAPs in main office
  • VPNs to separate IoT, home, guest, general, production, and management networks.

Notions and Preconceptions

I have ideas, not sure if they're misguided.

  • Gateway/Firewall: Thought of building a pfSense or OPNsense box around a Xeon D-1500 platform, or maybe trying Sophos on it. But then it seems like a lot of tinkering, and that only multiplies when I think of how to manage the requisite box at the remote locations as well. Also thought of a Sophos or Fortinet box with their requisite subscriptions. Sonicwall marketing makes their boxes sound like magic, how you can mail one to a branch office and set it up so easily, but there's a lot of hate for them online too. I have no first-hand experience with any of them, so my head is spinning.
  • Cisco and some other enterprise gear seems too expensive, too much to master, and too CLI-oriented. I'm OK with command line, but if all else is equal I'd rather have a GUI for most functions and CLI for occasional advanced use.
  • WAPs: Thought of Ubiquiti UniFi, throwing their management as a VM on the server.
  • Switches: Had thought of just using our Netgear stuff unless it turns out we need more sophisticated switches, or that I'd get much easier management by putting it all in one brand.

Am I asking for the moon, or is there a product stack that would elegantly accomplish all this without breaking the bank / incurring high subscription fees?
