Check here.

Hi Ray,

In the SEPM, go to the clients section. Select your client group. On the right-hand side, with the Clients tab selected at the top, look for a View dropdown. Set this to Protection Technology. In this view, look for the column "Firewall Status". This will indicate if the SEP client's firewall (Network Threat Protection) is enabled or not.

I am a bit confused, I looked at the Firewall Status column as you guys suggested, the status is enabled but when I check those workstations the windows firewall is on (as mandated by our GPO) and the SEP firewall is off (as it should be according to our company  policy). Why are they showing “enabled” in the console when the SEP firewall is actually off? Can I tell witch firewall is actually enabled SEP or MS? My goal is to make sure all our clients are using the windows firewall.

Additional information;

All our clients have the following components installed and the firewall policy auto generated when I installed the SEPM is disabled.

Antivirus and Antispyware Protection

Proactive Threat Protection

Network Threat Protection

 Thanks guys!

I think there is no way to tell , if the  firewall in ON or  OFF, from SEPM. It would only show, if  NTP is installed  or niot. So, if  you  have NTP component installed, but the firewall policy is disabled, like in your  case, SEPM would only say enanled  for Firewall, as NTP is installed. If you remove  NTP, then it would show Firewall status as not enabled!

If you have turned off the NTP from the policy it will be off on all the clients..However you cannot exactly if its on or off from SEPM

However if you can query the registry of the clients then you can check this

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC

smc_engine_status  0 – means turned OFF 1- turned ON.