Hi friends.

1. I nedd yuo help. After inatallation SEP on my server, i have this: These settings are being managed by vendor application Symantec Endpoint Protection. I need to create new rule and this rule will be block port SMB 445, 137-139. But when i enable this rule it not block ports, though firewall Windows is enable too.

2. And esle, on my enother server SEP install too, but this These settings are being managed by vendor application Symantec Endpoint Protection not apply. And here, my rule WORK

How i can do, that my rule work on my first server?

What feature do you have installed both server ?

As a best practice recommendation it is always advised to use only one software Firewall on a computer. Two software Firewalls running on a computer might drain resources and the both software Firewalls might have rules those might conflict with each other. Enabling more than one Firewall program is likely to result in conflicts and poor performance. 

To prevent the above situation Symantec Endpoint Protection (SEP) installer automatically detects and disables Windows Firewall if enabled. Exception to this would be that if SEP is installed without Network Threat Protection (NTP) active Windows Firewall will not be disabled

Best Practices for using Windows Firewall with Symantec Endpoint Protection 12.1

I install SEP on my all servers  by defoult. However i have that you see

Does have you installed NTP feture ?

SEP is installed without Network Threat Protection (NTP) active Windows Firewall will not be disabled

Yes, NTP is installed on all servers. However on first not work and on second work.....

Does sep client received latest policy ?

You need to enable windows firewall.

Using (Enabling) Windows Firewall with Symantec Endpoint Protection Network Threat Protection installed

How option i need choose, that Windows firewall ENABLE?

On my picture, Windows firewall already active?

Please check below blog

How to enable Windows firewall setting in Windows 7 machine in SEPM 12.1.2

https://www-secure.symantec.com/connect/blogs/how-enable-windows-firewall-setting-windows-7-machine-sepm-1212

May that client NTP feature not installed.

No, You need to reboot server

Can i enable windows firewall and disable SEP NTP withuot reboot server?

Does both of SEP client are same group ?

does both sep client received having latest policy?

You can try above blog and check windows firewall enabled or not.

I did that  http://www.symantec.com/business/support/index?page=content&id=TECH197660

and Windows Firewall enable, and my rule WORK. 

Thank you very much!!! 

You just need to withdraw the firewall policy, you don't need to reboot to do this!