Cannot disable Symantec Endpoint Protection (SEP) firewall for Mac via client interface. Toggling the firewall switch may result in temporary display of "Firewall is disabled" in status page of client interface, but firewall rules continue to block/allow and log traffic as configured. And the toggle will re-enable itself.
macOS, OS X, Mac
When using Mixed or Server Control, the SEP client for Mac will not allow disabling IPS or NTP via the local GUI even if policy is otherwise configured.
Even when Client Control is selected, the SEP for Mac will continue enforcing firewall rules even though NTP toggle is turned off in local GUI.
Upgrade to SEP 14.2 RU2, and select Client Control in location-specific settings for that client's group in the SEPM. This will allow users to toggle NTP and IPS settings in client GUI and client will honor those switches. Mixed and Server Control continues to keep NTP and IPS configured according to settings at the SEPM, even if those policies are otherwise configured.