Sorry guys, I don't think you understand what I'm doing.
The SEP firewall has a predefined Network Adapter under Policy Components. There are several there, including one labeled "Wireless".
When this is used in the firewall policy it can block or permit traffic based on the adapter, which is a component of SEP rules.
This solution works and I've tested it, although I like using the Device Control better, as it blocks it at the hardware level versus layer 3. The problem with Device Control is that you would have to know every possible device ID to have an effective block. So we use the SEP FW instead.
The problem you mentioned about needing Wireless off-network is easily solved by creating another Location in SEP and that is working fine.
EAPOL has nothing to do with this as we are permitting it for NAC, not wireless. That's another problem: "Wireless Eapol" is incorrectly labeled in SEP, as EAPOL is more than just wireless traffic.
The problem IS the Symantec-configured object "Wireless" is getting false positives on adapters that are wired. Other than creating a pass rule, which I don't want to do, I want Symantec to fix this "Wireless" Adapter object because it's not editable by the user. That is why I listed the NIC models above.