Endpoint Protection Firewall for Mac allows traffic when all firewall rules are removed from policy
Last Updated December 11, 2018
When editing firewall policy at the SEPM (Symantec Endpoint Protection Manager), if all of the firewall rules in Mac Settings are removed, user will see warning: "You have selected all rules to be deleted. This will block all thr trafic and will not generate any traffic log. Are you sure that you want to delete all the rules from the list?"
Despite this warning, deleting all rules and applying this policy to a SEP for Mac client will allow all traffic.
Symantec is aware of this issue and will update this article when a solution becomes available. Click the Subscribe to this Article button to be notified of future updates through email.
This appears to be by design, and the warning at the SEPM will be changed in future SEP version.
Workaround: If you want the firewall to block all traffic, create/move a "Block all traffic" rule to top of list.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe