For firewalls I only really know the Cisco stuff, but the entire ASA-X line supports L4-7 filtering, IPS, identity, etc, plus much faster firewall throughput. All in hardware, at least in theory. Also I agree with RadiclDreamer that ASDM has come a long way - I heard that Cisco hired a bunch of...