I use Server 2008 for a lot of things these days and I tend to not use the Windows firewall for most applications. Here is an interesting note for the right and wrong way to disable the firewall and why doing things “the way we have always done them” isn’t always the right way:
Although Window Server 2008 offers an impressive built-in firewall, in some cases we Exchange administrators don’t want to have to deal with it. Maybe you are building a demo to show a customer, or a lab environment to reproduce an issue. Maybe you just want to get Exchange installed now and will loop back to deal with fine-tuning firewall issues later. Maybe you have some other firewall product you’d rather use. Maybe, even, you don’t believe in defense in depth – or don’t think server-level firewall is useful.
Whatever the reason, you’ve decided to disable the Windows 2008 firewall for an Exchange 2007 server. It turns out that there is a right way to do it and a wrong way to do it.
http://blogs.3sharp.com/deving/archive/2009/03/17/haz-firewall-want-cheezburger.aspx