I guess it depends on the reliability and configurability of the external firewall.
And also in the degree of reliability of your local network, and whether there are other vulnerable machines on your local network or not (read: machines with windows installed
). If there's a vulnerable machine and it gets infected, then your whole local network with be exposed to the threat. In that case, having per-machine specific firewalling and AV can help.