Tldr: figured out that I need to get a router, not a switch.
Hello everyone, even though I am an IT expert for servers, my knowledge is very little when it comes to networking. So I ended up in this subreddit when I was asked to isolate 4 devices into a VLAN at my home. If I understood my sources correctly, I need a layer 3 switch to route and aggregate the traffic, can you confirm that? Do you have some suggestions?
But first some more information about my network: Internet is provided by a FritzBox 6591 Cable. Then 2 switches supply approx. 24 wall sockets and two Ubiquiti In-Wall access points. Now I need to put some IoT devices into the garage, which is accessible from outside. I will lay a new cable.
I want to limit internet access of those IoT devices to specified web services, I want no access from those devices to my normal home devices, and (optional) in some cases I want to access the devices in the garage (port 8080 or 80 or so).
At first I came up with this: https://eu.store.ui.com/collections/unifi-network-routing-switching/products/unifi-switch-lite-8-poe but I am not sure if a layer 2 switch is sufficient for my use case (to store the routing rules). The difference to a layer 3 switch: https://eu.store.ui.com/collections/unifi-network-routing-switching/products/switch-enterprise-8-poe is huge.
It would be great to get some suggestions from you. Maybe you have a clue. Thank you very much! Ben
[EDIT1:] My problem is that my ISP router (Fritz Box Cable) does not provide any VLAN functionality or similar. I can add a static route and I can filter the outgoing traffic based on the device, but this is not really what I want.
So I thought a layer 3 switch would solve my problem. But to be honest, I get the feeling I rather need another router (including some firewall features) instead of a layer 3 or layer 2 switch.
Am I on the right track?