I am having an ongoing discussion/argument with many IT pros in this field. As of now, we are running SBS 2003 SP1 with Exchange Server 2003 SP1 on one single server machine hooked to a standard Dynamode 10/100/1000 fast ethernet switch. In addition, we have a 3com Office Connect ADSL router with 11g wireless (3CRWE754G72-A/B) plugged into one of the switch ports. This ADSL unit has a built in hardware driven (I think) firewall which is activated along with the port filter. The Server has Symantec Corporate 9.0 installed along with managed work stations (25 all total). All work stations have Win XP SP2 installed and users are all limited to the lowest level ("user"). NOBODY has access to outside e-mail and the SMTP port on the server has been altered so NO outgoing mail can be sent via the server. ALl of the workstations have the SP2 firewall activated and all users are unable to change this. Inside the Internet Explorer browser v6, the security, privacy and cookie settings are set one step above the default.
After saying all of that, is it absolutely necessary to add a firewall box?
...if at all?
Appreciate all the help I can get,