Is there a large need for antivirus/antispyware within a firewall? For example, most sonicwalls come with a gateway antivirus/antispyware. I'm not running a public HTTP server or any type of public service. We do not run a mail server here either, so would there be any reason to have these features?
I'm pretty sure the point is to protect your internal users. E.g. if Joe Employee visits RandomBadwareSite.com, there's a chance the firewall will stop the viruses/trojans/etc. before Joe gets infected.
Usually they are run in conjunction with an HTTP proxy on the firewall to prevent users from accessing bad stuff from the web.
Some 'firewalls' also can act as an email relay and protect you from getting malware through SMTP.
It's a perimeter defense system, to block out anything that's potentially infected before it gets anywhere near your network.
It's a great thing, because anything blocked at the perimeter, you don't have to clean off an end-user's workstation.
It is a defense-in-depth thing. Earlier this year we had an email virus arrive that wasn't in our email gateway's AV signatures, and therefore ended up on users' desktops. We thought we'd trained them better, but many opened it anyway and mayhem ensued. The infection/worm slowed down greatly once our AV signatures were updated with one that had this virus in it.
This particular worm was just a mass-mailer. If it had been the kind that also scans for open shares and drops infected files all over, it would have been nearly impossible to clean up without local AV systems. As it was, we got off a bit lucky on this outbreak but we had the tools to handle a bigger one.
For the simple reason that a virus can come in from other sources too. Somebody could bring in a presentation on a USB stick, for example. BAM!
I'm also strongly of the viewpoint that as well as ensuring no viruses get into your org, you also have a responsibility to ensure that no viruses can get outside your org. What this means is that if you share data with someone else, in any shape or form, you should play nice and make certain that you don't accidentally infect them.
Finally, the basic common sense reason is that you have two layers of defence. No AV solution is 100% effective, so having AV inside as well (and please make sure it's from a different vendor) will at least give you a chance of catching something that slips by your gateway.
Perimeter security and endpoint security. It's like having armed guards on the wall at the military base, but the soldiers also carry guns inside the base. It's best to stop threats at the perimeter because it's easy to scan and clean that choke point of the network, but just in case you also want to have the endpoint security if something gets through undetected. Something could get through via encryption, or unauthorized media (CD, USB drive) utilized by a PC user, or other ways as well.
For when your laptop users go travelling, connect up to the open wifi at Joe's Diner (or their home networks for that matter), get their laptops full of crap that would otherwise be caught by the desktop A/V you wish you had installed, then bring that back to your network and plug in.
The firewall protects just one gateway to the computers behind it. Unfortunately, the Internet isn't the only way to infect computers. Long before the Internet (as we know it) existed there was a virus problem, and there were a few antivirus companies providing proper protection.
And what seems to be forgotten: regular updates! The software of firewalls isn't always up-to-date, while most systems are set up to get new virus definitions at least once per day. The firewall might not know yet about the latest moc.tluafrevres.net virus, but as soon as it is found and a cure is developed, most users who keep their local virus scanner up-to-date will be protected within a day.
On the surface it may appear that in your situation there is little point, as firewall-based AV software only works with certain types of traffic, mostly email, but some also do HTTP. Although you may not be hosting email, I'm pretty confident email traffic is flowing through that firewall, e.g. between your host and the clients. It therefore follows that having the antivirus software in the firewall scanning that email traffic could block a virus before it reaches the clients (or outside recipients if scanning outbound as well).
Firewall based AV software is not a solution to the problem but it sure can help.