When using Windows Subsystem for Linux version 2 (WSL2) or the Windows Sandbox feature within Windows 10, network connections to external hosts fail.  The Endpoint Protection (SEP) firewall shows a remote connection block for the WSL2 or Windows Sandbox IP address.  

The SEP firewall uses multiple drivers to track running applications and network connections on Windows systems.  Both WSL2 and Windows Sandbox use Hyper-V technology to create a NAT'd connection from the host NIC to the guest NIC via virtual switches.  From a networking perspective, these are basically Hyper-V virtual machines.  The applications run within a guest VM and cannot be tracked by drivers running on the host operating system.  So for the SEP firewall running on the host operating system, this traffic will appear as unsolicited IP traffic and will be blocked.   

For Example

On WSL2, if you attempt to check for updates via apt, the outbound traffic from the host NIC will be blocked. 

8/6/2021 11:10:39AM Blocked Outgoing TCP security.ubuntu.com [91.000.00.00] 00-00-00-00-00-00 80 192.0.2.0 00-00-00-00-00-00 Block all other IP traffic and log 

Even if you allow all outbound traffic for the host IP address, the response from the repository going back to the WSL2 NIC will still be blocked.  

8/6/2021 3:55:35PM Blocked Incoming TCP 192.0.2.0 00-00-00-00-00-00 51658 91.000.00.00 00-00-00-00-00-00 80 Block all other IP traffic and log 

In addition, WSL2 and Windows Sandbox use dynamically generated network addresses each time they are launched, so any firewall rules created will need to be modified each time you use these features.