Originally Posted By: Sealeopard
Firewalls and routers do not have to be on the same box.


They do, you know (with one exception).

It's easy to fall into the trap of thinking that a router is something like a dedicated Cisco XYZ; however, this is not the case.

The Cisco XYZ is a router because it has routing functionality built in, and that's what you primarily use it for. However, a router is just a device that routes, so it might just as well be a firewall appliance, a Linux server or indeed a Windows server.

A firewall *is* a router (with one exception). It has to be, otherwise it cannot move packets between different subnets and/or interfaces. So a firewall and router must be on the same physical unit.

The exception? Well, when the firewall is on the DTE, such as an end user's desktop PC, of course it doesn't need to route because the data has arrived at its destination. In this case, however, it is not really a firewall, more of a chocolate fire-guard ;)