If the Default Firewall rules are applied to a firewall policy, and the policy is enabled, a few clients are not able to be connected through RDP, even with MR4MP2.
Even , adding a blank rule, or Enabling the Allow Remote administration rule, does not help.
Stopping SMC service allows RDP connection.
"TCP Resequencing only work in LAN environment against IP spoofing.
Uncheck " EnableTCP Resequencing" in the Firewall policy- Traffic and stealth settings.
Log into the Symantec Endpoint Protection Manager.
Click on Policies, on the left.
Select Firewall Policy.
Double click on the Firewall policy assigned to groups and locations.
On the left hand side, Click on Traffic and stealth Settings.
Under Stealth Settings, Uncheck "Enable TCP resequencing" .
Click OK to close the window.