For the firewalls ,we usually use package filte firewall ,but there have anthor firewalls ,about Trojan Firewall ,about DDOS aganist firewall ,about ARP aganist firewall …
so ,why not comodo to develop Trojan firewall,DDOS against firewall and ARP against firewall …
Need your answer.thank you …
yep, add something like vipre antivirus premium, a ids, for detect some backdoor in the firewall will be awesome ! 
With D+ you should be able to catch the installation of malware in its tracks. The firewall would alert you and keep the program from accessing the web if you installed the trojan accidentally because it is not a safe application.
CIS does have ARP cache protection. Is it not strong enough?