Older versions of the Symantec Endpoint Protection Manager (SEPM) allowed the copying and pasting of firewall rules between the Windows and Mac sections of policy. This may result in unexpected behavior from the SEP for Mac firewall. Other rule components, such as Host Groups, also must not contain incompatible criteria if used with SEP for Mac.
Unexpected SEP for Mac firewall behavior may be due to incompatible rule criteria. Criteria that are not supported in SEP for Mac:
Recreate any related firewall policy from scratch.
Do not copy/paste rules between Windows and Mac sections of SEP firewall policy; SEPM version 14.2 RU1 MP1 and newer does not allow this operation, but a bad policy may have been inherited from an older SEPM that has been upgraded. It is also possible that the firewall policy is using a Host Group that includes Mac-incompatible criteria.