Wombat the number of scans which are done every second for dubious reasons is very high.

If your a network peep the best way to stop these getting through to your network is by nipping it in the bud as the wire comes through the wall.

Having a black box solution means that you don't have to use resources on the client to do the same function. The black box will quite happily do it with its cut down OS with no degrading of its function.

A client with its software firewall will have to give ever increasing reasources to scanning and deciding what gets through its ports. Basically its the same as the old ping attacks of 10 years ago where you could kill a server by just pinging its IP address millions of times.

Even if you want to keep the software firewall working and isolating the client behind the blackbox you will decrease the number of CPU cycles riquired by the firewall. Thus you will see an increase in speed of the machine.