Symantec Endpoint Protection (SEP) for Mac includes firewall functionality, and default firewall rules may not include some common macOS services.
Cross-reference the Firewall policy in use against Apple's list of TCP and UDP ports, and make any adjustments as necessary.
TCP and UDP ports used by Apple software products
Steps to create or update a Firewall policy can be found in the Additional Information section below.
References
TCP and UDP ports used by Apple software products and other third-party tech support pages may not be clear on port requirements. In these cases, a useful technique to isolate the necessary protocols and ports is to create an "allow" rule at the top of the SEP Mac firewall rules for the IPv4 and IPv6 addresses of the desired resource (e.g. an Apple TV, printer, etc.). Use the "ping hostname" and "ping6 hostname" commands to get these addresses (you may need to append ".local" to hostnames for local networking).
Set this rule to write to the traffic log, and create an "Allow All" rule just below it that does not write to the log. Then connect to the resource and note the destination ports and protocol (UDP/TCP) used in SEP client logging.
Create a second, more refined firewall rule above the first one that allows all hosts but only the destination ports seen in client logging. Leave logging disabled on this new rule. Continue testing, note any new ports/protocols that are still logged by the "Allow IP address" rule, and continue refining the top rule.
If you see what appears to be random non-ephemeral port usage, e.g. 9616/9623/9286, then allow a range like 9000-10000. Destination port 49152 or higher in logging generally indicates that the application is using a random selection in the ephemeral range, and you should allow 49152-65535.
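
The refinement step above can be scripted once the logged destination ports have been noted. The following is an added example, not Symantec code: it takes protocol/port pairs transcribed by hand from the client traffic log (the sample values are constructed) and proposes the port list for the refined rule. The threshold of three ports per 1000-port block for treating usage as "random" is an assumption.

```python
from collections import defaultdict

EPHEMERAL_START = 49152  # per the article: 49152 or higher means ephemeral range
CLUSTER_MIN = 3          # assumption: 3+ ports in one 1000-port block look "random"

# Constructed sample: (protocol, destination port) pairs noted by hand
# from the client traffic log while connecting to the resource.
OBSERVED = [
    ("TCP", 7000), ("UDP", 5353), ("TCP", 9616), ("TCP", 9623),
    ("TCP", 9286), ("UDP", 50312), ("UDP", 61007), ("TCP", 7000),
]

def suggest_rules(observed):
    """Return {protocol: [port or 'lo-hi' strings]} for the refined allow rule."""
    by_proto = defaultdict(set)
    for proto, port in observed:
        if not 0 < port <= 65535:
            raise ValueError(f"invalid port: {port}")
        by_proto[proto.upper()].add(port)
    rules = {}
    for proto, ports in sorted(by_proto.items()):
        entries = []
        # Any hit at or above 49152: allow the whole ephemeral range once.
        if any(p >= EPHEMERAL_START for p in ports):
            entries.append((EPHEMERAL_START, 65535))
        # Group the remaining ports by 1000-wide block.
        blocks = defaultdict(list)
        for p in ports:
            if p < EPHEMERAL_START:
                blocks[p // 1000].append(p)
        for block, members in blocks.items():
            if len(members) >= CLUSTER_MIN:
                # Scattered ports in one block: allow the block, e.g. 9000-10000.
                lo, hi = max(1, block * 1000), block * 1000 + 1000
                entries.append((lo, min(hi, EPHEMERAL_START - 1)))
            else:
                entries.extend((p, p) for p in members)
        rules[proto] = [str(lo) if lo == hi else f"{lo}-{hi}"
                        for lo, hi in sorted(entries)]
    return rules

if __name__ == "__main__":
    for proto, entries in suggest_rules(OBSERVED).items():
        print(proto, ", ".join(entries))
```

Rerun it after each test pass with the newly logged ports appended, and review any proposed range before widening the rule.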