About the
Symantec Endpoint Protection
firewall

The
Symantec Endpoint Protection
firewall uses firewall policies and rules to allow or block network traffic. The
Symantec Endpoint Protection
includes a default Firewall policy with default firewall rules and firewall settings for the office environment. The office environment is normally under the protection of corporate firewalls, boundary packet filters, or antivirus servers. Therefore, it is normally more secure than most home environments, where limited boundary protection is available.
Firewall rules control how the client protects the client computer from malicious inbound traffic and malicious outbound traffic. The firewall automatically checks all the inbound and the outbound packets against these rules. The firewall then allows or blocks the packets based on the information that is specified in rules. When a computer tries to connect to another computer, the firewall compares the type of connection with its list of firewall rules. The firewall also uses stateful inspection of all network traffic.
When you install the console for the first time, it adds a default Firewall policy to each group automatically.
Every time you add a new location, the console copies a Firewall policy to the default location automatically.
You determine the level of interaction that you want users to have with the client by permitting or blocking their ability to configure firewall rules and firewall settings. Users can interact with the client only when it notifies them of new network connections and possible problems. Or they can have full access to the user interface.
You can install the client with default firewall settings. In most cases you do not have to change the settings. However, if you have a detailed understanding of networks, you can make many changes in the client firewall to fine-tune the client computer's protection.
As of version 14.2, the Mac client offers a firewall for the managed client only. The user can only enable or disable the firewall if the administrator has allowed client control. Since it operates on a different network layer than the Mac's operating system firewall, they can both be enabled and run in parallel.
More information