To allow DirectAccess (DA) to function properly, please ensure that Symantec Endpoint Protection 12.1 RU2 MP1 or above is in use and enable the Windows Firewall through the SEP firewall policy using these steps:

1. Log on to the Endpoint Protection Manager (SEPM).
2. Click Policies.
3. Click Firewall then click Edit Policy.
4. Click Windows Integration.
5. Select either Restore if Disabled or No Action from the Disable Windows firewall drop down menu.

If the option “No Action” is chosen, the MS FW will have to be enabled in alternate way (if it is disabled).

DirectAccess should now function as expected.

Note: In SEP 12.1, you will need to add a rule to allow Ethernet protocols 0x8100, 0xfb33, 0xfb34, 0x806 and 0x0.  Also IPv6 is blocked by default, this needs to be changed to allow.

Example:

1. Log on to the Endpoint Protection Manager (SEPM).
2. Click Policies.
3. Click Firewall then click Edit Policy.
4. Click Rules.
5. Select Add Rule...
6. Enter a rule name
7. Click Next
8. Select Allow connections
9. Click Next
10. Select All Applications
11. Click Next
12. Select Any computer or site
13. Click Next
14. Select Only the communications selected below:
15. Click Add...
16. Set the Protocol to Ethernet
17. Enter in the desired ethernet protocols described above
18. Ensure each newly added ethernet protocol is checked
19. Click Next
20. Choose your desired log setting
21. Click Finish
22. Click OK