Desktop yes, servers no (Score 1)
Workstations should have a desktop firewall, mostly to monitor outbound connections (good for keeping apps from phoning home, etc.).
Most nasty inbound traffic should be blocked at the router, but it's nice to be able to block an extra port or random IP when needed on a per-machine level.
For servers where you are expecting random incoming traffic, it's better to block all unwanted inbound traffic before it ever gets to the server (ACLs work fine here). You don't need to worry about outbound traffic as much, as long as you are doing reasonable things like blocking outbound port 25 for your web server, port 80 for your mail server, etc.