Personally, I don't believe in hardware firewalls. They have a great downside which is impossible to compensate: they cannot regulate traffic based on application, but only based on packet contents. DPI/IDP is hardly an argument for hardware firewalls, because these can be done in software too (and much software does them), in fact much more effectively than in hardware because, again, hardware can only look at packet contents, while host-side software can also look at application behaviour.

Now if I want a serious FW, I will go with corporate-grade ones available in business solutions (SEP, Sophos, etc.), which have IPS/IDS, etc., and if I'm wealthy enough, I would go with a hardware FW (but this is extreme for a home user lol).
Some people argue that the advantage of hardware firewalls is that they run on a separate machine, so they are unaffected in case of an infection. This is only partially true. Yes, they are unaffected when your host computer gets infected (which gets easier to infect, however, because your hardware firewall can only filter on packet contents). But hardware firewalls can also be targeted by malware, and history has proven they are just as vulnerable to such attacks and contain serious security flaws like any other software. Don't believe me? Here is a link to Cisco's security advisories: in their networking OS, there have been 25 documented security flaws in September alone (a single month!), and over 70 over the whole year of 2019. Except they are much worse, because independent security researchers normally can't look at them due to the needed hardware, their cost, licensing, specialized tools needed, and generally due to being an extremely closed ecosystem.