Must be 'cause he's using Windows, right?
Going out on a limb. Gonna expose my limited knowledge....
Main reason I use a separate box for the router/firewall is so that when the firewall gets hacked, there is nothing to be found. When it gets hacked, clear the drive, reinstall Linux and strengthen the firewall. No real damage done. Now if the server is also the router/firewall, then all data is exposed when hacked.
Most of the iptables script generators are easy to use and set up adequate security. And once Linux is set up and iptables configured, it just runs. Just like the Eveready bunny..... :)
FWIW...