Hello,
1 ) How do we enable firewall Policy ?
To enable the Firewall Policy, you would need the Network Threat Protection Feature (Firewall) installed on your machines. Do you have that installed?
If not, then,
You can do that by Auto-upgrade Feature (NOTE: A Restart would be required to the machines to have the Network Threat Protection Turn ON ) :
- Log on to the newly migrated Symantec Endpoint Protection Manager Console.
- Click Admin > Install Packages.
- In the lower-left pane, under Tasks, click Upgrade Groups with Package.
- In the Welcome to the Upgrade Groups Wizard panel, click Next.
- In the Select Client Install Package panel, all existing client packages are listed in the drop down box. Select one of the following:
- Symantec Endpoint Protection <appropriate version>.
- Symantec Network Access Control <appropriate version>.
- Click Next.
- In the Specify Groups panel, check one or more groups that contain the client computers to be migrated, then click Next.
- In the Package Upgrade Settings panel, check Download client from the management server.
- Click Upgrade Settings.
- In the Add Client Install Package dialog box, on the General tab, specify whether or not to keep existing client features or specify new ones, then configure a schedule for when to migrate the client computers. Under the Notification tab, specify a message to display to users during the migration.
- For details about settings on these tabs, click Help.
- Click OK.
- In the Upgrade Groups Wizard dialog box, click Next.
- In the Upgrade Groups Wizard Complete panel, click Finish.
Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper
Default Network Threat Protection Rules for Symantec Endpoint Protection
Symantec Endpoint Protection Manager - Firewall - Policies explained
http://www.symantec.com/docs/TECH104433
2) Even we are not enabling the firewall policy explicitly does symantec add some firewall policy ?
If you haven't installed the Network Threat Protection Feature (Firewall) then there is not polciy being applied to the Client. if you have the Feature Installed the Default Network Threat Protection Policy would be applied.
3 ) after we enable the firewall policy do we need to deploy the client again ?
No.
(NOTE: A Restart would be required to the machines to have the Network Threat Protection Turn ON )