Why do I get an Error: "Windows Firewall cannot run because another program or service is running that might use the Network Address Translation component (IPNat.sys)" when I try to launch Windows Firewall from control panel for port configuration in order to establish basic communication between the Symantec clients and the Symantec Server/Console/Manager.

Symptoms
On Windows Server 2003, when we try to launch Windows Firewall, it gives the error"Windows Firewall cannot run because another program or service is running that might use the Network Address Translation component (IPNat.sys)." This restricts us from configuring Exceptions in the Widows Firewall for communication between Symantec Endpoint Protection (SEP) and Symantec Eddpoint Protection Manager (SEPM)

RRAS Service which runs on the server with NAT does not allow the Windows Firewall service to start

Follow the steps below to resolve this issue:

1. Click on Start
2. Click on Run
3. Type services.msc
4. Click OK
5. Stop and Disable the RRAS service
6. This would let you access the Windows Firewall
7. Configure the Windows Firewall as required
8. Enable and Start RRAS service after the successful configuration of the Windows Firewall

Technical Information
This issue is caused due to limitation of the RRAS Service which runs on the server with NAT that does not allow the Windows Firewall service to start