Security gateways are more than firewalls, adding all the functions found in the SOA management suites that handle authentication, authorization, and accounting. When Web services act as an interface to an enterprise SOA, the security gateway often needs to convert between JMS and HTTP, as the majority of SOAs don't use true Web services internally.
Unless connecting to the outside world, the ability to tunnel through firewalls is big negative.
In addition, a gateway can't effectively scan a document without first decrypting it, so most are also responsible for encryption and authentication, whether using SSL, WS-Security, or SAML. The deep-packet inspection and understanding of XML required to recognize attacks also makes security gateways useful for XML transformation and routing, and often better at it than management software, thanks to specialized SSL or XML acceleration hardware.
Most security gateways are still standalone boxes, installed in much the same way as a traditional firewall and sold by specialized vendors (see diagram, below).
(click image for larger view)