Difference between Hardware firewall and software firewall
Which firewall is best?
Well this question again generate a cross question.
What are your requirement?
If you need to protect your network through IP based regardless of Application using the port. Hardware firewalls has a strong and fast protection from most forms of attack coming from the outside world. Hardware firewall has a designed technique called packet filtering that examines the header of a packet to determine its source and destination addresses [IP’s]. This information is compared to set rules that determine whether the packet is to be forwarded or blocked
Now days a new technique called Stateful Packet Inspection (SPI) is used in firewall
That check the origin of packets that means it check whether the response is from internet, if yes whether it is the requested response for a machine from local network.
If yes the allow traffic
Bad thing is that, if, say, you get email containing WORD doc that has spyware/Macro hidden in it, which communicate to outer world when WORD file is opened/executed.
Your hardware firewall will allow communication to outer world and the requested incoming packets too, as the packet origin was from local network,
Resulting Machine infection