Firewall – Advantage of Hardware Firewalls Over Software Firewalls


There are a lot of hardware firewalls out there, but what is their advantage / use over software firewalls, as I can also easily set those up without having to buy pricy hardware firewalls?

Are there any reasons for choosing a hardware firewall over a software firewall?

Best Answer

All firewalls are software.

Hardware firewalls

...are a physically separate entity, using dedicated hardware. Because they are a specialized device, the hardware & software is minimized in an effort to make them more secure. The less there is to exploit, the less chance of being exploited...

The cost-effective alternative is to set up a *nix/BSD box, using:

  • Pentium 100+
  • 1+ GB hard drive
  • 2 Network Interface Cards (NICs)
  • 1+ wireless adapters

I recommend using OpenBSD & PacketFilter (PF), assuming that's still current. Otherwise look at Linux's IPTables.

What you get when you buy a hardware firewall from a vendor is a turn-key solution. You unbox it, plug it in, log in & configure what rules you need. If there's an update, you apply the patch/firmware. You get a nice web interface GUI. But these days, software like DD-WRT provides the same stuff on your router/firewall...

Software firewalls

...reside on the host itself. Because they have to be accessible to the user, they can be turned off at will (permissions allowing). And because they reside on an OS tailored to users, more services are on - increasing the possibility of exploitation/circumvention.

If you're really concerned with security

...you'd employ the "onion" defence: You implement multiple layers of security, by having both a hardware firewall and software firewalls on each host in your network.
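As an added illustration of the dedicated two-NIC OpenBSD/PF box the answer describes (example configuration written for this page, not the answer author's own), here is a minimal pf.conf that applies the "less to exploit" idea: default deny, NAT for the LAN, and SSH from the LAN as the only service the box itself exposes. The interface names, the LAN subnet and the choice of SSH are assumptions.

```pf
# Example pf.conf for a dedicated two-NIC OpenBSD firewall (added example).
# em0/em1 and 192.168.1.0/24 are assumed values; adjust to your hardware.
ext_if  = "em0"              # NIC facing the ISP / upstream router
int_if  = "em1"              # NIC facing the LAN
lan_net = "192.168.1.0/24"

set skip on lo               # never filter loopback

# Normalise packets and drop anything claiming an address it cannot own.
match in all scrub (no-df)
antispoof quick for { $ext_if $int_if }

# Hide the LAN behind the firewall's external address (NAT).
match out on $ext_if from $lan_net to any nat-to ($ext_if)

# Default deny, logged, so unexpected traffic shows up in pflog.
block log all

# LAN hosts may reach anything... (PF: last matching rule wins unless "quick")
pass in on $int_if from $lan_net to any
# ...except the firewall itself...
block return in on $int_if from $lan_net to self
# ...apart from SSH, the only service the box offers, and only from the LAN.
pass in on $int_if proto tcp from $lan_net to self port 22

# Outbound from the external NIC (NATed LAN traffic and the firewall's own
# updates). Replies are admitted by state tracking, not by inbound rules,
# so nothing unsolicited from $ext_if is ever passed.
pass out on $ext_if from ($ext_if) to any
```

Load it with `pfctl -nf /etc/pf.conf` first (syntax check only), then `pfctl -f /etc/pf.conf`; `tcpdump -n -e -ttt -i pflog0` shows what the default-deny rule is dropping.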