Why are personal firewalls, such as Windows Firewall in Windows XP Service Pack 2 (SP2), important if the network is already protected by a firewall?

The obvious reason is that many of your users probably have laptops that aren't always connected to your firewall-protected LAN. When at home, at a hotspot, or in a hotel, the PC is on its own.

But a host-level firewall is also important on each server and workstation even when these machines are always connected to the internal LAN. In the past couple years, worms and other forms of malware have repeatedly made it past corporate firewalls and run amok through "trusted" LANs. If a typical network had had XP SP2's Windows Firewall deployed, the Code Red and Nimda worms would have spread to only a fraction of the computers they actually infected. Additionally, host firewalls can go a long way toward protecting you against malicious insiders or attackers that penetrate your perimeter defenses. Nowadays, host firewalls are an important layer in a network designed for defense in depth.