After installing Symantec Endpoint Protection with Network Threat Protection (SEP's firewall component) onto a Windows 2008 Small Business Server, Windows' built-in Server firewall has been disabled so that only one firewall is in use. Afterward, the Windows SBS Console complains that Server Firewall is in critical condition (showing Red).
This cosmetic indication can be overcome if the Windows Firewall is set to not monitor the network connections. When the firewall is on and not monitoring the connections, connectivity is then monitored by SEP's NTP.
Please note: NTP and Windows Firewall should not both be enabled and monitoring network traffic. Enabling more than one firewall program on a network connection is likely to result in conflicts and poor performance.