A "hardware" firewall is a misnomer. What is usually meant by this is an embedded computer running some software for network routing, often linux. It's no more hardware than another PC. A shortcoming of such a device is that it can only differentiate between computers and port numbers, not applications. It is convenient for setting up filters that apply to all computers on the network where configuring a firewall would be impractical, fresh installations, guests, portable devices.