If you opened by saying "Firewall MARKETING is just some stupid crap ...", people might hear your message better.
Yes there's huge complacency about security. But the problem is people, not firewalls.
Holistic security is important and a huge opportunity created by this mass hypnosis. There's never been a better time to raise money. Happy to discuss, contact info on my profile.
Fair enough as that's a huge part of the problem. Yet, if firewalls should be trusted, they need to meet these basic criteria:
1. Attention paid to firmware security and its ability to load kernel.
2. Firewall TCB is strong in that it can prevent or contain compromises.
3. Each component is isolated with restricted interactions subject to believable security arguments, static analysis, or formal verification.
4. Every piece of every packet is inspected for foul play.
5. Covert storage and timing channel mitigation is in place.
6. Supports application-layer security for whatever it's being used for.
Can you name a single firewall that meets all these criteria? That's how guards were designed in the past before firewalls got invented to ignore most of that. So, firewalls (in theory and practice) are technically incapable of doing their job unless the coders were nearly perfect. Then, they're marketed as doing much more than they can. So, why people demand firewalls instead of companies getting the cost of guards down is beyond me.
Here's an example of a real firewall that is more like a guard in practice:
A nice architecture combining highly assured firewalls and SNS Server guard (15-20 years without compromise) with COTS enhancements for quite a security argument:
Once I see the real thing, esp seeing NSA pentesters achieve nothing, it's hard for me to make excuses for security engineers making the same mistakes for years despite being shown what works. I've sent about every firewall vendor validation reports of what made it and why. They don't care and that's why firewalls are some stupid crap industry trusts but shouldn't.