Most Common Limitations of Firewalls
First and foremost among the limitations of firewalls is their architecture. Different types of firewalls work at different layers of the TCP/IP protocol stack, or sometimes of the OSI network model. Most firewalls work only at the topmost layers of these models, and so offer a lower level of security.
For example, a firewall operating at the Application Level of the TCP/IP protocol stack checks the data pattern and application signature to determine whether a packet is safe. If it finds that the application is among the trusted programs (the trusted programs list of your operating system or firewall, or the list of previously allowed applications), the firewall lets the data packet into the computer or network.
This is easy to exploit if a bot or hacker is observing the data packet patterns: it becomes easy for the hacker to create fake packets containing a "trusted source IP" to hack your computer or network.
You can overcome such limitations of firewalls by creating an additional set of rules that compels the firewall to scan the data packets in more depth, possibly at a different network layer. However, you need some expertise in network models to create such rules.
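The difference such an additional rule makes, as an added example that is not part of the original article: a rule that trusts the source IP alone is compared with one that also checks which interface the packet arrived on. The ingress check is one possible "deeper" rule chosen for illustration; the interface names, addresses and function names are assumptions.

```python
import ipaddress

# Constructed sample data: networks, interface names and the trusted list
# are assumptions made for this example.
TRUSTED_SOURCES = [ipaddress.ip_network("192.168.10.0/24")]
INTERFACE_NETWORKS = {
    "lan0": ipaddress.ip_network("192.168.10.0/24"),  # internal side
    "wan0": ipaddress.ip_network("0.0.0.0/0"),        # everything else
}

def is_trusted(src):
    return any(src in net for net in TRUSTED_SOURCES)

def expected_interface(src):
    """Interface a source address should arrive on (most specific match)."""
    matches = [(net.prefixlen, iface)
               for iface, net in INTERFACE_NETWORKS.items() if src in net]
    return max(matches)[1] if matches else None

def shallow_rule(packet):
    """Allow on source address alone."""
    return is_trusted(ipaddress.ip_address(packet["src"]))

def deeper_rule(packet):
    """Allow only if the trusted source also arrives on the interface
    that really leads to that address (ingress check)."""
    src = ipaddress.ip_address(packet["src"])
    return is_trusted(src) and expected_interface(src) == packet["in_iface"]

# Constructed packets: (description, packet)
SAMPLE_PACKETS = [
    ("internal host on LAN", {"src": "192.168.10.25", "in_iface": "lan0"}),
    ("trusted address seen on WAN", {"src": "192.168.10.25", "in_iface": "wan0"}),
    ("unlisted external host", {"src": "203.0.113.7", "in_iface": "wan0"}),
]

def evaluate(packets):
    """Return (description, shallow verdict, deeper verdict) per packet."""
    return [(desc, shallow_rule(p), deeper_rule(p)) for desc, p in packets]

if __name__ == "__main__":
    for desc, shallow, deeper in evaluate(SAMPLE_PACKETS):
        print(f"{desc:30} shallow={'ALLOW' if shallow else 'DROP':5} "
              f"deeper={'ALLOW' if deeper else 'DROP'}")
```

Only the second packet is treated differently: the shallow rule admits it because the address is on the trusted list, while the deeper rule drops it because an internal address should not arrive on the external interface.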
The second of the top limitations of firewalls is the configuration of the network. If the network is not configured properly, the firewall can do nothing. If there is a lapse in network design, any firewall will fail, no matter how much you spend on network safety. This can be controlled by involving experienced network designers and by restricting other computers from installing a parallel Internet connection, such as a dial-up connection. If anything needs to be installed, install it through the main computer to overcome this limitation of firewalls.
Finally, firewalls do NOT substitute for your antivirus or antimalware. You need to install a good Internet Security suite. If you cannot afford an Internet Security suite, you can get one of the best antivirus programs and make sure it is present on each of your computers, whether or not they are on a network.
Tip: With routers and broadband modems offering firmware firewalls, you can use them as the primary firewall and then install ONLY one software firewall on the computer to overcome the limitations of firewalls.