Firewalls

Firewalls may insulate your intranet from the Internet, but they do so at a cost. Each packet needs to be examined and then routed out to another interface, but the examination is several protocols deep, unlike a normal router that simply looks at the IP headers. So you have all the problems of routers, and then some. Firewalls that encrypt all traffic can increase latency dramatically, easily taking twice as long to make a transfer. Some configurations put the proxy and web server between two firewalls in a “DMZ”; this will slow access from inside the organization still further. A couple of rules for reducing the impact of firewalls are to use dedicated firewall hardware doing nothing but firewall duty, and to put the most used rules at the top of your rules list so they are read first. Multiple firewall machines may be able to work in parallel.
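The rule-ordering advice above, as an added example that is not from the book: a first-match evaluator that counts rule comparisons and moves frequently hit rules upward only past rules where the swap cannot change a verdict. The rule names, addresses, ports and traffic mix are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed rule set: (name, source network, destination port or None for any, action)
RULES = [
    ("deny-bad-host", "10.0.5.9/32", None, "deny"),
    ("allow-ssh-admin", "10.0.9.0/24", 22, "allow"),
    ("allow-smtp", "10.0.0.0/16", 25, "allow"),
    ("allow-http", "10.0.0.0/16", 80, "allow"),
    ("deny-all", "0.0.0.0/0", None, "deny"),
]
# Constructed traffic sample: (source address, destination port)
PACKETS = ([("10.0.1.%d" % i, 80) for i in range(1, 41)] + [("10.0.2.7", 25)] * 5
           + [("10.0.9.3", 22)] * 2 + [("10.0.5.9", 80)] * 3 + [("192.0.2.1", 80)] * 2)

def matches(rule, pkt):
    _, net, port, _ = rule
    return ipaddress.ip_address(pkt[0]) in ipaddress.ip_network(net) and port in (None, pkt[1])

def evaluate(rules, packets):
    """First-match evaluation. Returns (verdicts, rule comparisons made, hits per rule)."""
    verdicts, comparisons, hits = [], 0, Counter()
    for pkt in packets:
        for rule in rules:
            comparisons += 1
            if matches(rule, pkt):
                verdicts.append(rule[3])
                hits[rule[0]] += 1
                break
        else:
            verdicts.append("deny")  # no rule matched: default deny
    return verdicts, comparisons, hits

def overlaps(a, b):
    """True if some packet could match both rules."""
    nets = ipaddress.ip_network(a[1]).overlaps(ipaddress.ip_network(b[1]))
    return nets and (a[2] is None or b[2] is None or a[2] == b[2])

def reorder(rules, hits):
    """Move busier rules up, one adjacent swap at a time, only when the swap is safe."""
    out = list(rules)
    for i in range(1, len(out)):
        j = i
        while j > 0 and hits[out[j][0]] > hits[out[j - 1][0]]:
            above, cur = out[j - 1], out[j]
            if above[3] != cur[3] and overlaps(above, cur):
                break  # different actions on overlapping traffic: order is policy
            out[j - 1], out[j] = cur, above
            j -= 1
    return out
```

On the constructed sample, comparisons drop from 192 to 116 with identical verdicts. A plain sort by hit count would lift allow-http above deny-bad-host and let the blocked host through on port 80.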

See Building Internet Firewalls, by Brent Chapman and Elizabeth Zwicky (O’Reilly & Associates).
