Advantage of hardware firewalls over software firewalls?
All firewalls are software.
Hardware firewalls
...are a physically separate entity, using dedicated hardware. Because they are a specialized device, the hardware & software is minimized in an effort to make them more secure. The less there is to exploit, the less chance of being exploited...
The cost effective alternative is to setup a *nix/BSD box, using:
- Pentium 100+
- 1+ GB hard drive
- 2 Network Interface Cards (NICs)
- 1+ wireless adapters
I recommend using OpenBSD & PacketFilter (PF), assuming that's still current. Otherwise look at Linux's IPTables.
What you get when you buy a hardware firewall from a vendor is a turn-key solution. You unbox it, plug it in, login & configure what rules you need. If there's an update, you apply the patch/firmware. You get a nice web interface GUI. But these days, software like DD-WRT provides the same stuff on your router/firewall...
Software firewalls
...reside on the host itself. Because they have to be accessible to the user, they can be turned off at will (permissions allowing). And because they reside on an OS tailored to users, more services are on - increasing the possibility of exploitation/circumvention.
If you're really concerned with security
...you'd employ the "onion" defence: You implement multiple layers of security, by having both a hardware firewall and software firewalls on each host in your network.
Hardware firewalls as a general rule tend to be more reliable and faster. Since the manufacturer can choose/build the OS, they can make it very specific to supporting a firewall. Software firewalls don't have this luxury. They are dependent on the OS they are installed on.
That being said, there are many good software firewalls. Some, like iptables, are even free. If you are looking to protect a medium to large business network, then IMO you should choose a hardware firewall.
I think you hit the nail on the head with your question, it's really the same question: you get what you pay for.
EDIT: Another thing that should matter to you is ICSA certification. There are about 20-25 hardware firewalls on this list and about 50 software firewalls, including personal firewalls.
In my experiences it's mainly a maintenance issue. Hardware firewalls by and large come with everything pre-installed (OS on up), just plug it in and you're close to having a functional unit. Many of them will also come with options that will let you quickly define your policy rules and whatnot in order to get you going quickly.
Updating them is typically just a matter of applying a firmware update. This is often a big advantage since all of the patching and updates are really done by the vendor, you just have to load the patched image.
In my opinion, it just depends on your environment, experience and your needs whether or not there's a real advantage.