We're looking at evaluating endpoint protection products and during our eval we have a need to put the firewall in logging mode and have it report back centrally to the admin interface so that we can see what has been blocked (incoming/outgoing) or allowed on certain machines.
It doesn't appear that MS FEP can do this (firewall logs seem to be stored locally on the machine).
Same thing with McAfee HIPS (firewall logs are located on the machine itself)
Anyone know if Symantec's product can log these back to the admin interface (in the database of course) so that you don't have to manually fetch them from each machine?