The default firewall rules in Symantec Endpoint Protection Manager (SEPM) are not allowing some traffic or are not logging the events related to the rules. The customer would like to monitor and log the events or rules to explain why a block is happening.
A possible cause is that the default rule set installed with the Symantec Endpoint Protection Manager (SEPM) does not meet the customer's specific needs.
To perform the modifications from within a specific Clients Group:
To perform the modifications from within the Policies Tab:
In the SEPM, go to Policies. In the list of policies, click Firewall and then select the Firewall Policy you want to modify. Click "Edit the policy" in the Tasks list below and follow the instructions in point 3) above. The new settings will take effect for all groups to which that policy is applied.
To activate write to log from Edit Policy level:
To configure this setting upon creation of a new Firewall rule:
When you add a new firewall rule to an existing Firewall Policy, the last settings that you are prompted to configure pertain to the logging of events related to the triggering of that rule. At that stage you are asked only to confirm whether you want to log these events, by answering "yes" or "no", and by default the events are written to the "Traffic log". However, once the new rule is created, you can change these settings by using the same procedures described above for editing existing firewall rules.
Remember that all modifications performed in the SEPM will only be applied to the Endpoint Protection (SEP) clients either on the next heartbeat (automatic contact with server) or if you manually force the content update.