Network performance issues when using Firewall policy with large number of host or URL entries

Article ID: 416524

Products

Endpoint Security, Endpoint Protection

Issue/Introduction

You are experiencing slow network performance when using a Firewall policy with the SEP or SES agent.

Environment

  • Symantec Endpoint Protection (SEP)
  • Symantec Endpoint Security (SES)

Resolution

Two items may lead to performance issues when using a Firewall policy:

  • The combined number of entries in the Host column. This includes any items in Host Groups.
  • Enable reverse DNS Lookup is enabled and DNS domain or DNS host entries are used in the Host List.

When Enable reverse DNS Lookup is enabled, agent performance may be affected by slow responses from DNS servers. This setting lets the firewall perform a DNS lookup on IP addresses so that they can be compared against the DNS items defined in a firewall rule. When a large number of DNS items are defined in the firewall rule, performance may be impacted.

If an excessive number of items is added to the Host List in the firewall policy, these items increase the size of the overall policy. Network throughput and overall system performance could be impaired if a large firewall policy is deployed to systems already under heavy load.

To mitigate possible performance impact, reduce the overall number of individual entries and DNS lookups where possible.

There is a 5,000 item limit within any Host Group when using on-premise Firewall policy.
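
An added example, not Symantec's code or part of the original article: a Python audit of a host list that counts the combined entries, flags any Host Group over the 5,000 item limit, counts the DNS entries that depend on reverse lookups, and shows how many entries remain if adjacent IP addresses within one group are merged into subnets. The (group, kind, value) tuple layout, the kind names and the sample data are assumptions constructed for illustration, not a SEP or SES export format.

```python
import ipaddress
from collections import defaultdict

HOST_GROUP_LIMIT = 5000                  # per-Host-Group limit stated in the article
DNS_KINDS = {"dns_host", "dns_domain"}   # entries compared via reverse DNS lookups
IP_KINDS = {"ip", "subnet"}              # assumed kinds that can be merged into subnets

def audit_host_groups(entries):
    """Summarise a list of (group, kind, value) tuples; the layout is an assumption."""
    groups = defaultdict(list)
    for group, kind, value in entries:
        groups[group].append((kind, value))
    report = {"total_entries": len(entries), "dns_entries": 0, "groups": {}}
    for name, items in groups.items():
        nets = {4: [], 6: []}            # collapse_addresses() needs one IP version per call
        other = 0                        # entries that cannot be merged (DNS, etc.)
        for kind, value in items:
            if kind in IP_KINDS:
                net = ipaddress.ip_network(value, strict=False)
                nets[net.version].append(net)
            else:
                other += 1
                report["dns_entries"] += 1 if kind in DNS_KINDS else 0
        # Merge adjacent or overlapping networks; the matched address set is unchanged.
        merged = [n for v in (4, 6) for n in ipaddress.collapse_addresses(nets[v])]
        report["groups"][name] = {
            "entries": len(items),
            "over_limit": len(items) > HOST_GROUP_LIMIT,
            "merged_subnets": [str(n) for n in merged],
            "entries_after_merge": len(merged) + other,
        }
    return report

def sample_entries():
    """Constructed sample data, not a real policy export."""
    base = int(ipaddress.ip_address("10.1.0.0"))
    big = [("Branch-Clients", "ip", str(ipaddress.ip_address(base + i)))
           for i in range(5001)]
    small = [("Partners", "dns_host", "portal.example.com"),
             ("Partners", "dns_domain", "example.net"),
             ("Partners", "ip", "192.0.2.10"), ("Partners", "ip", "192.0.2.11")]
    return big + small

if __name__ == "__main__":
    result = audit_host_groups(sample_entries())
    print("total:", result["total_entries"], "DNS entries:", result["dns_entries"])
    for name, info in result["groups"].items():
        print(name, info["entries"], "->", info["entries_after_merge"],
              "over limit:", info["over_limit"])
```

Merging is done per group so that the set of addresses each group matches does not change.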
