There are a lot of hardware firewalls out there, but what is their advantage / use over software firewalls, as I can also easily set those up without having to buy pricy hardware firewalls?
Are there any reasons for choosing a hardware firewall over a software firewall?
All firewalls are software.
Hardware firewalls
...are a physically separate entity, using dedicated hardware. Because they are specialized devices, the hardware & software are minimized in an effort to make them more secure. The less there is to exploit, the less chance of being exploited...
The cost-effective alternative is to set up a *nix/BSD box, using:
I recommend using OpenBSD & PacketFilter (PF), assuming that's still current. Otherwise look at Linux's IPTables.
What you get when you buy a hardware firewall from a vendor is a turn-key solution. You unbox it, plug it in, login & configure what rules you need. If there's an update, you apply the patch/firmware. You get a nice web interface GUI. But these days, software like DD-WRT provides the same stuff on your router/firewall...
Software firewalls
...reside on the host itself. Because they have to be accessible to the user, they can be turned off at will (permissions allowing). And because they reside on an OS tailored to users, more services are on - increasing the possibility of exploitation/circumvention.
If you're really concerned with security
...you'd employ the "onion" defence: You implement multiple layers of security, by having both a hardware firewall and software firewalls on each host in your network.
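As an added illustration of the "minimal, dedicated box" approach recommended in this answer (not part of the original post), here is a small default-deny OpenBSD PF ruleset for a two-interface perimeter firewall. The interface names `em0`/`em1`, the LAN range `192.168.1.0/24` and the management host `192.168.1.10` are assumptions constructed for the example; substitute your own.

```pf
# /etc/pf.conf -- added example of a minimal default-deny perimeter ruleset.
# Interface names and address ranges below are assumed for illustration.
ext_if = "em0"                 # uplink interface (assumed)
int_if = "em1"                 # LAN interface (assumed)
lan_net = "192.168.1.0/24"     # constructed LAN range
admin_host = "192.168.1.10"    # constructed management host

# Addresses that must never appear as a source on the uplink
table <martians> const { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16
                         172.16.0.0/12 192.168.0.0/16 224.0.0.0/3 }

set skip on lo
set block-policy drop          # silently drop rather than send RST/ICMP

# Normalise fragments and clamp MSS on everything coming in
match in all scrub (no-df random-id max-mss 1440)

# NAT LAN clients out through the uplink address
match out on $ext_if inet from $lan_net to any nat-to ($ext_if)

# Default deny, logged: every pass rule below is an explicit exception
block log all

# Bogus sources in, bogus destinations out: drop immediately
block in quick on $ext_if from <martians> to any
block out quick on $ext_if from any to <martians>

# Anti-spoofing on both interfaces
antispoof quick for { $ext_if $int_if }

# Management plane: ssh to the firewall only from the admin host, LAN side
pass in on $int_if inet proto tcp from $admin_host to $int_if port 22

# LAN clients may initiate outbound (stateful); the firewall itself
# is reachable only via the management rule above
pass in on $int_if inet from $lan_net to ! $int_if
pass out on $ext_if inet from ($ext_if) to any
```

Load it with `pfctl -nf /etc/pf.conf` first (syntax check only), then `pfctl -f /etc/pf.conf`. The point the answer makes is visible here: nothing listens or passes unless a rule says so, and the blocked traffic is logged (`tcpdump -n -e -ttt -i pflog0`) so unexpected hits can be investigated rather than silently lost.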
Hardware firewalls as a general rule tend to be more reliable and faster. Since the manufacturer can choose/build the OS, they can make it very specific to supporting a firewall. Software firewalls don't have this luxury. They are dependent on the OS they are installed on.
That being said, there are many good software firewalls. Some, like iptables, are even free. If you are looking to protect a medium to large business network, then IMO you should choose a hardware firewall.
I think you hit the nail on the head with your question, it's really the same question: you get what you pay for.
EDIT: Another thing that should matter to you is ICSA certification. There are about 20-25 hardware firewalls on this list and about 50 software firewalls, including personal firewalls.
In my experience it's mainly a maintenance issue. Hardware firewalls by and large come with everything pre-installed (OS on up), just plug it in and you're close to having a functional unit. Many of them will also come with options that will let you quickly define your policy rules and whatnot in order to get you going quickly.
Updating them is typically just a matter of applying a firmware update. This is often a big advantage since all of the patching and updates are really done by the vendor, you just have to load the patched image.
In my opinion, it just depends on your environment, experience and your needs whether or not there's a real advantage.
It's really the same... the difference is whether it's delivered as an appliance or not - i.e. a branded box ready to go.
Most firewalls are available in both incarnations and examples are IPTables and Microsoft ISA - both available as just another software package or as certified appliances that are specifically configured to be a firewall - i.e. the "hardware" style.
Obviously all sorts of accelerator logic can be built into an appliance as long as the software supports it, like specific encryption chips to lessen the burden of common encryption tasks from the main processor. Whether this is still sane I'm not sure, as generic processing power in say x86 server hardware is high these days.
Patch management with an appliance can actually be trickier as it may not fit into your normal patch management platform and may require special procedures. Too often patching of appliances/hardware firewalls is left out of the loop entirely for some strange reason.