In the Symantec Endpoint Protection Manager, if the "Allow the following users to enable and disable the firewall" setting is enabled in Firewall Policy under Client User Control Settings when it's set to Server Control, if the end-user disables the firewall on macOS, the firewall re-enables itself after some time.

• SEP macOS agent 14.3.x

In Server Control or Mixed control mode the protection agent will re-enable protection automatically when the agent evaluates policies or settings as defined by the management console.  This could be within a few minutes or hours depending on communication settings, location awareness, or other triggers which prompt the agent process it's configuration.

The setting "Amount of time before re-enabling Network Threat Protection" does not apply to the macOS agent.

The only way to prevent the firewall from being re-enabled automatically is to switch Client User Interface Control Settings to Client control.

If the end-user disabled the SEP firewall it re-enables in five minutes for Windows agents.

Firewall: User Settings