I just don't understand why anyone in their right mind, no pun intended, would want to run Firewall on a Windows machine. Windows machine just doesn't have the tools to troubleshoot problem like tcpdump, unless you are willing to pay for Sniffer software. Why don't you use SecurePlatform instead? Secure right out of the box, don't have to patch anything due to already "hardened" kernel.
I agree with the SecureClient install. I've just done it at a client and it is just dirt simple to accomplish. Even comes with a pretty slick web interface that will handle most everything but proxy arp entries.
