
Firewall Policy for Mobile Clients

Updated: 21 May 2010 | 1 comment
durkinr

The Admin manual reads:

 

The Symantec Endpoint Protection Manager includes a default Firewall Policy with firewall rules and firewall settings for the office environment. The office environment is normally under the protection of corporate firewalls, boundary packet filters, or antivirus servers. Therefore, it is normally more secure than most home environments, where limited boundary protection is available.

When you install the console for the first time, it adds a default Firewall Policy to each group automatically. Every time you add a new location, the console copies a Firewall Policy to the default location automatically.

If the default protection is not appropriate, you can customize the Firewall Policy for each location, such as for a home site or customer site. If you do not want the default Firewall Policy, you can edit it or replace it with another shared policy.

 

My question: is there a firewall template for mobile PCs that I could apply for our laptops? Or can anyone suggest some additional rules I can add to our policy? I have created an Outside location for our laptops, defined as when the client cannot contact the management server AND when they cannot resolve the host server's DNS. This seems to work well (better than letting users decide in SCS!). Anyway, I would like to strengthen our policy when users are mobile, without blocking needed traffic.

 

Any suggestions appreciated.

Comments

zer0
29 Jan 2009

I don't think anyone here is really in a position to give you a firewall policy for your laptops.

 

How do we know what requirements you have?

Is there an internal security policy within your company?

Do you have to align with industry standards?

 

I usually create an office location that has a very relaxed policy and then an external location that has very strict rules.

Start off with blocking everything and then allow what is required.

E.g. HTTP, HTTPS, email, VPN

 

The fewer things you can allow the more secure it will be.

You really need a lot of knowledge in order to create secure firewall policies.
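
The location test from the question and the block-everything-then-allow approach from the reply, modelled here as an added Python example. It is not Symantec Endpoint Protection configuration and not code from either poster; the port numbers, the DNS rule and all names are assumptions.

```python
from typing import NamedTuple, Optional

def pick_location(reaches_mgmt_server: bool, resolves_internal_dns: bool) -> str:
    """'Outside' only when BOTH checks fail, mirroring the question's AND condition."""
    if not reaches_mgmt_server and not resolves_internal_dns:
        return "Outside"
    return "Office"

class Rule(NamedTuple):
    name: str
    direction: str               # "out" or "in"
    proto: Optional[str]         # "tcp", "udp", or None for any protocol
    ports: Optional[frozenset]   # destination ports, or None for any port
    action: str                  # "allow" or "block"

# Relaxed office policy (assumed): any outbound traffic is allowed.
OFFICE_RULES = [Rule("office-any-out", "out", None, None, "allow")]

# Strict outside policy: only the categories named in the reply, plus DNS.
# Port numbers are assumptions; substitute what your mail and VPN actually use.
OUTSIDE_RULES = [
    Rule("dns", "out", "udp", frozenset({53}), "allow"),          # assumed: name lookups
    Rule("http", "out", "tcp", frozenset({80}), "allow"),
    Rule("https", "out", "tcp", frozenset({443}), "allow"),
    Rule("email", "out", "tcp", frozenset({587, 993}), "allow"),  # assumed: submission, IMAPS
    Rule("vpn", "out", "udp", frozenset({500, 4500}), "allow"),   # assumed: IPsec IKE, NAT-T
]
POLICIES = {"Office": OFFICE_RULES, "Outside": OUTSIDE_RULES}

def evaluate(rules, direction, proto, port):
    """First matching rule wins; anything unmatched falls through to block."""
    for r in rules:
        if (r.direction == direction and r.proto in (None, proto)
                and (r.ports is None or port in r.ports)):
            return r.action, r.name
    return "block", "default-deny"

def decide(reaches_mgmt_server, resolves_internal_dns, direction, proto, port):
    """Pick the location first, then apply that location's rule list."""
    location = pick_location(reaches_mgmt_server, resolves_internal_dns)
    return (location, *evaluate(POLICIES[location], direction, proto, port))

if __name__ == "__main__":
    # Constructed sample flows from a laptop that fails both location checks.
    for flow in [("out", "tcp", 443), ("out", "tcp", 445), ("in", "tcp", 3389)]:
        print(flow, decide(False, False, *flow))
```

Because the Outside list has no inbound rules, every unsolicited inbound connection falls through to the default block, and a laptop that fails only one of the two checks still gets the Office policy.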