So that means that the OS firewall is safe enough that I shouldn't worry about it being compromised? I suppose the HW firewall could also be compromised, but it does give a bit of extra piece of mind.
In isolation yes - it is unlikely the vector of attack would (ever) be the firewall itself. In fact I think system level attacks are less likely than application level attacks (SQL injection, XSS..etc)
I think you really get some performance features (like SSL offloading...etc)
I think you really get some performance features (like SSL offloading...etc)