These are excellent questions. In short, Snort can be resource-intensive, and for 200+ machines that can be a lot of traffic. You may need a moderately powered machine for this. My experience with it has been on a much smaller scale, so I can't give you a first-hand take on the requirements.
I read an article, here, that discusses the advantages of putting Snort on a machine with a 'hidden' NIC. The NIC does not get configured with an IP address, etc., which works fine since it is purely a sniffing device that is in promiscuous mode. By making it a non-configured interface, it is harder for an intruder to attack it, unless they get at the machine running Snort. A really good way to do this is to create a span port on your switch that monitors the traffic, both upstream and downstream, on the other ports.
Aside from the above, where it could be advantageous to have the Snort machine running in stealth, I can't see any reason to not put the firewall and Snort on the same machine. You will want to put Snort behind your firewall, if at all possible, which will reduce the traffic and show you what is making it through the firewall rather than all of the traffic.
As far as an interface, there are several web GUI applications for the firewall. Similarly, there is a PHP application called BASE for Snort. I am not aware of a native GUI application for these, as quite often these will be run on a server that does not have a GUI. The basic command line interface for these is not complicated and is the only way to go to really unleash the power of these applications.
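
A check for the 'hidden' NIC setup described in the answer above, as an added example that is not part of the original post. It assumes a Linux sensor with iproute2; the interface name `eth1`, the function names and the sample `ip -o` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sniffing interface for a "stealth" configuration.
# Typical setup on a Linux sensor (eth1 is an assumed interface name):
#   ip addr flush dev eth1
#   sysctl -w net.ipv6.conf.eth1.disable_ipv6=1   # else fe80:: is auto-assigned
#   ip link set dev eth1 promisc on up

# has_addresses "<output of: ip -o addr show dev IFACE>"
# Succeeds if any IPv4 or IPv6 address is bound, including IPv6 link-local.
has_addresses() {
    printf '%s\n' "$1" | grep -Eq '[[:space:]]inet6?[[:space:]]'
}

# is_promisc "<output of: ip -o link show dev IFACE>"
# Succeeds if PROMISC is in the <...> flag list. The flag shows up when it is
# set administratively with "ip link set ... promisc on".
is_promisc() {
    printf '%s\n' "$1" | grep -Eq '[<,]PROMISC[,>]'
}

# stealth_status ADDR_OUTPUT LINK_OUTPUT
# Prints EXPOSED (has an address), NOT_PROMISC, or STEALTH.
stealth_status() {
    if has_addresses "$1"; then
        echo "EXPOSED"
    elif ! is_promisc "$2"; then
        echo "NOT_PROMISC"
    else
        echo "STEALTH"
    fi
}

# audit_iface IFACE: run the check against a live interface.
audit_iface() {
    stealth_status "$(ip -o addr show dev "$1")" "$(ip -o link show dev "$1")"
}

# Constructed sample output (not captured from a real host).
SAMPLE_LINK='3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 state UP'
SAMPLE_ADDR_V6='3: eth1    inet6 fe80::211:22ff:fe33:4455/64 scope link'

# No IPv4 address was configured, yet the link-local address exposes the NIC.
echo "IPv6 left enabled:  $(stealth_status "$SAMPLE_ADDR_V6" "$SAMPLE_LINK")"
echo "no addresses bound: $(stealth_status "" "$SAMPLE_LINK")"
```

On the sensor itself, `audit_iface eth1` runs the same check against the live interface.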