Bridging the gap between the firewall and an IDS (intrusion detection system) unit such as the IDP-100 requires adding basic firewall functions such as NAT and VPN tunnel termination to the IDS, but it's easy to see these two security devices converging into a new breed of firewall.
In the near future, we will see products marketed as firewalls that will be able to filter as generally as layer 3, and as granularly as layer 7. Layer-7 firewalling isn't unheard of, but it's hard to implement. Filtering based on a finite set of ports or IP addresses is simple compared to firewalls that filter based on portions of an HTTP header or specific functions of an IM protocol. The evolution of the firewall is directly tied to the ease with which these filters can be created and managed.
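To make the difference in granularity concrete, here is an added example (not code from the article or from any firewall product it mentions): a layer-3/4 rule that consults only addresses and ports, beside a layer-7 rule that parses the HTTP request and checks the method and Host header. The addresses, ports, permitted hosts and sample payloads are constructed for the demonstration, and the HTTP parser is a deliberately minimal one.

```python
"""Added example: a layer-3/4 policy beside a layer-7 policy, evaluated over
constructed traffic records so the difference in granularity is visible.
All hosts, addresses, ports and payloads are made up for the demonstration."""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes = b""


# Layer-3/4 style policy: a finite set of destination networks and ports.
ALLOWED_DST_PREFIX = "10.0.0."   # constructed internal web segment
ALLOWED_PORTS = {80, 443}


def l4_decision(pkt: Packet) -> str:
    """Classic firewall check: only addresses and ports are consulted."""
    if pkt.dst_ip.startswith(ALLOWED_DST_PREFIX) and pkt.dst_port in ALLOWED_PORTS:
        return "allow"
    return "deny"


def parse_http_request(payload: bytes) -> Optional[Dict[str, str]]:
    """Minimal HTTP/1.x request parser: request line plus headers.
    Returns None when the bytes are not a well-formed HTTP request."""
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return None
    head = text.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    req = {"method": parts[0], "target": parts[1]}
    for line in lines[1:]:
        if ":" not in line:
            return None
        name, value = line.split(":", 1)
        req[name.strip().lower()] = value.strip()
    return req


# Layer-7 style policy for port 80: constructed allow-lists.
ALLOWED_HOSTS = {"www.example.com"}
ALLOWED_METHODS = {"GET", "POST"}


def l7_decision(pkt: Packet) -> str:
    """Layer-7 rule: the payload on port 80 must be HTTP, use a permitted
    method, and carry a Host header naming a permitted site."""
    if l4_decision(pkt) == "deny":
        return "deny"
    if pkt.dst_port != 80:
        return "allow"          # this demo only inspects cleartext HTTP
    req = parse_http_request(pkt.payload)
    if req is None:
        return "deny"           # non-HTTP bytes carried over port 80
    if req["method"] not in ALLOWED_METHODS:
        return "deny"
    if req.get("host") not in ALLOWED_HOSTS:
        return "deny"
    return "allow"


# Constructed sample traffic: all three go to the same address and port,
# so a port-based rule cannot tell them apart.
SAMPLES = {
    "plain_get": Packet("192.0.2.10", "10.0.0.5", 80,
                        b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    "other_host": Packet("192.0.2.10", "10.0.0.5", 80,
                         b"GET / HTTP/1.1\r\nHost: updates.example.net\r\n\r\n"),
    "not_http": Packet("192.0.2.10", "10.0.0.5", 80,
                       b"\x16\x03\x01\x00\xa5\x01\x00\x00"),
}


def compare(samples=SAMPLES) -> Dict[str, tuple]:
    """Return {name: (layer-3/4 decision, layer-7 decision)} per sample."""
    return {name: (l4_decision(p), l7_decision(p)) for name, p in samples.items()}


if __name__ == "__main__":
    for name, (l4, l7) in compare().items():
        print(f"{name:12s} layer-3/4: {l4:5s} layer-7: {l7}")
```

The port-based rule allows all three records, while the layer-7 rule passes only the request to the permitted host. Every extra field the layer-7 rule inspects is another allow-list to create and maintain, which is the management cost the paragraph above describes.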
One interesting aspect of these changes is speed. It took quite a while for the firewall to graduate to an appliance. Years of maintaining Solaris systems running FireWall-1, NT servers running Raptor, or *nix systems running the packet filter du jour dance through my head.
Firewalls built on a server platform are a liability. The underlying OS isn't purpose-built to run the firewalling code, and the system still relies on spinning disks (redundant, one hopes, but present all the same). The time it takes to condense the extensive functionality of the new firewalls into an embedded device will hopefully be much shorter than the last evolution, since the benefits are equal, if not greater. Whether integrated into firewalls or as an appliance, intrusion prevention systems such as the IDP-100 will find a home in networks of any size.