To review:
In the HostedEndPoint.spn page for the client, go to Policies tab, select the copy of the default you made.
Scroll down to the Network Protection section and check the box for "user can disable firewall"
Save the policy change and wait until the push shows 100%.
Wait a few minutes and logon to the client machine.
Right click the Sym.cloud icon in the System Tray, it should show the Disable firewall option. (If not wait until it does.)
Click it and select the length of time you want it to be turned off.
Open the Windows Action Center - note that both firewalls should be off.
Click the View Options button and then select Turn on Windows Firewall.
Symantec will disable the Windows Firewall and reenable its version at the time specified.