Well... when you first set up a firewall, I recommend you set it up with a deny-all filter on both inbound and outbound traffic. Your connection is now completely useless and 100% safe, provided you didn't make any backdoors for yourself in case of emergency. Then gradually open the ports you need. This way your firewall will not have any open ports that hackers can exploit.

If you have already set up a firewall and want to check it, download a port sniffer and bombard your firewall. Remember to do this from the outside of the net and not from the inside, since internal IPs usually have more access than unknown IPs... While port scanning, expect the performance to drop quite a bit.

To answer your questions: bypassing a firewall that has a bad setup/standard passwords is quite easy. If you can enter the configuration, you can allow your own IP addresses to access all network components and bam, you're in. The trick is to set it up the right way to begin with.

IP firewalls use access lists, passwords and ports. Access lists provide some of the best security, as they completely deny or allow specific IP nets and ports. Ports are always a small risk; you need to have some open in order to communicate, and ports usually point to a machine or server on the internal network... In order to make IP ports safe you need to secure the final destination and the firewall itself. Passwords: use good passwords that are not easily broken.
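The deny-all-then-open approach and the inside/outside difference described in the post above, as an added example that is not part of the original post. It models a first-match access list with an implicit deny-all and shows what each vantage point can reach; the rule set, addresses and function names are constructed for illustration and do not correspond to any particular firewall product.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR notation
    port: Optional[int]    # destination port; None means any port

# Constructed inbound access list (private and documentation address ranges).
ACL = [
    Rule("allow", "192.168.10.0/24", None),  # internal LAN: every port
    Rule("allow", "203.0.113.0/28", 22),     # one trusted outside net: SSH only
    Rule("allow", "0.0.0.0/0", 443),         # any source: HTTPS to the web server
]

def evaluate(acl, src_ip, port):
    """First matching rule wins; no match falls through to the implicit deny-all."""
    addr = ipaddress.ip_address(src_ip)
    for rule in acl:
        if addr in ipaddress.ip_network(rule.src) and rule.port in (None, port):
            return rule.action
    return "deny"

def reachable_ports(acl, src_ip, ports):
    """Ports the given source may reach, i.e. what a check from that address reports."""
    return [p for p in ports if evaluate(acl, src_ip, p) == "allow"]

def world_open_rules(acl):
    """Allow rules matching every source address; their destinations must be secured."""
    return [r for r in acl
            if r.action == "allow" and ipaddress.ip_network(r.src).prefixlen == 0]

if __name__ == "__main__":
    ports = [22, 80, 443, 3389]
    print("inside :", reachable_ports(ACL, "192.168.10.25", ports))
    print("trusted:", reachable_ports(ACL, "203.0.113.5", ports))
    print("outside:", reachable_ports(ACL, "198.51.100.7", ports))
    print("open to all:", world_open_rules(ACL))
```

A check run from the internal address reports every port as reachable, which is why the result from an unknown outside address is the one that reflects real exposure.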