I ran an unsuccessful game service for a while, and due to the nature of our product (custom 3D characters) we suspected to receive and did receive an incredible number of hack attempts for a pretty much unknown web service. Expecting the issue, we got a US $20K SonicWall hardware firewall of the class used by banks. Best investment ever. On four separate occasions we had DoS attacks that the SonicWall shrugged off without a sweat. Typically, we'd see 100-300 actual hack attempts per day for this unknown service. To handle this, it takes is being serious, and listening and following your security experts guidance without cutting corners. They are aware security is expensive and have already mentally scaled their recommendations to a balance between what they think you can afford and security you'll need. Go with their recommendation - they are the expert.
Are you conflating DoS (something a firewall can deal with) with the kind of hacking that can penetrate a system? I'm not sure a firewall can do anything about (for example) SQL injection.
I think commenter is describing his company's operation, what attacks they were facing, and that listening to advice countered them. Commenter doesn't mention a SQL Injection or claim his case applies to anything else. Instead, merely points out that listening to professionals who understand risks of your technology and following their advise can prevent problems caused by those risks. That was my take.
I'm not familiar with Sonicwall specifically, but a packet-inspecting web app firewall can indeed do something about SQL injections, obvious ones anyway.
