You are missing out on a HUGE feature in SEP if you deploy to those machines without the IPS enabled.
For example, the IPS signatures protect against MS08-067, which is a very common remote exploit used by virus authors to compromise machines across the network.
If a new virus comes out that uses the exploit in MS08-067, a machine with the IPS enabled will identify the network traffic and block the attack.
Once the IPS signature has been written, it protects against all future viruses that use that attack, regardless of whether they are old/new/variants/etc.
In comparison, the regular AV signature will completely miss a new variant that uses the same old exploit.
You are left in a position where you are waiting for Symantec to release new definitions.
This can become an issue as there are so many new variants of some viruses today. I believe there are over 900 viruses in the wild that utilise MS08-067 at this time. 900+ different AV signatures vs 1 IPS signature??
The IPS component requires the firewall so that it can perform at a low level within the network stack, monitoring packets and performing blocks. Initially you can easily deploy the firewall component with an ALLOW ANY ANY rule.
Once it is in place you can then test a strict firewall policy that suits your corporate environment.
I have it rolling out to 300,000+ endpoints at the moment with an allow any any rulebase so if you need any further advice just let me know.
cheers
Z