Para quem ficou na dúvida sobre a existência do Firewall de inspeção profunda (Deep Packet Inspection), segue uma fonte:
The Difference Between Application Filtering and Deep Packet Inspection
Deep packet inspection is sometimes referred to in the same context as application filtering, but some subtle differences force us to treat each method as a separate and distinct method. Whereas application filtering can truly masquerade and provide the application functionality, deep packet inspection is more of an integration of intrusion detection system (IDS) and intrusion prevention system (IPS) functionality into a stateful packet-inspecting firewall. Deep packet inspecting firewalls typically contain a database of attack signatures and attack patterns, just like an IDS/IPS would. In fact, to be brutally honest, deep packet inspection is merely a good marketing term to describe integrating IDS/IPS functionality into the firewall. After all, because the firewall is going to see all the traffic anyway, why not just let it handle the IDS/IPS functionality? This is the thought process behind newer firewalls such as the Cisco Adaptive Security Appliance (ASA) and Juniper Networks Integrated Security Gateways (ISG).
Fonte: Firewall Fundamentals - Wes Noonan, Ido Dubrawsky