Symptoms
After installing Symantec Endpoint Protection with Network Threat Protection (SEP's firewall component) onto a Windows 2008 Small Business Server, Windows' built-in Server firewall has been disabled so that only one firewall is in use. Afterward, the Windows SBS Console complains that Server Firewall is in critical condition (showing Red).

This cosmetic indication can be overcome if the Windows Firewall is set to not monitor the network connections. When the firewall is on and not monitoring the connections, connectivity is then monitored by SEP's NTP.

1. Edit the SBS Windows firewall settings, under 'Advanced', 'Network Connection Settings',
2. Select the check box for each connection you want Windows Firewall to help protect.
3. Uncheck 'Local Area Connection'. 
4. Now turn the Windows SBS firewall back on, which will clear the Windows SBS Console critical firewall error.

References
http://www.symantec.com/connect/forums/sep-support-windows-small-business-server-2008

Technical Information
Please note: NTP and Windows Firewall should not both be enabled and monitoring network traffic. Enabling more than one firewall program on a network connection is likely to result in conflicts and poor performance.