My 2 cents...
Early on (MR2-ish), I had the SEP firewall break enough stuff that I quickly removed it in favor of Windows Firewall, and focused on just getting AV/AS running. Probably better now.
One big plus--
PROVIDED YOUR USERS DON'T RUN AS ADMINISTRATORS--is that the Windows Firewall config can be managed by Setup programs, or WMI scripts. This is done by more and more software vendors (including Symantec). SEP's firewall either isn't configurable by 3rd parties, or isn't supported by any or many 3rd parties. However, if your users run with elevated credentials<shiver>, the Windows Firewall API is a liability, because malware they run can (and will) disable the firewall, or open ports.
The Windows 5.x firewall only controls inbound connections. SEP's supports inbound & (optionally) outbound connections, which is obviously superior. So if you have Win 5.x clients and want outbound control, SEP is your choice. However, Windows 6.x also (optionally) controls outbound connections.
Windows Firewall is controllable by Group Policy, but configuration is pretty arcane, and typos can really do you in. SEP's firewall has a much better point-and-click GUI.
Symantec has scored some points recently by being able to handle multiple attack vectors as with Conficker by having their firewall integrated with their AV. Windows Firewall can't respond dynamically to threats.
I've not personally encountered a machine compromised through a properly configured Windows Firewall, though others may have. Until that becomes a widespread problem, I'll consider the risk of its continued use manageable. Someday I'll be brave enough to try SEP's firewall again. If Windows' Firewall's configuration API can be redirected to SEP so that applications can leverage it to make their own exceptions, or if Symantec adds an API that 3rd parties (including Microsoft) support, that would remove a considerable obstacle.