Application-layer firewalls are very processor-intensive; they require a lot of memory and CPU cycles to process every packet that needs to undergo scrutiny. The detailed logging is quite beneficial, but still, that consumes a lot of resources within the device. Two solutions have been designed:

• Using CXTP (short for, Context Transfer Protocol) to authenticate and authorize, instead of monitoring the data on a connection
• Ensuring that layer firewalls would monitor the imperative applications, as per the company requirement only

Additionally, there are some other limitations, such as they don't support all applications, since the monitoring has a limited number of connection types—Telnet, FTP, or web services. Another limitation is that they require vendor-specific software, which limits the scalability and may create management issues.