Hello,
Here are few Articles which may assist you to do the opposite of what you want -
How to prevent SEP features from being disabled in the client GUI in SEP 12.1
http://www.symantec.com/docs/TECH168990
How to block a user's ability to disable Symantec Endpoint Protection on Clients
In your case, you want to "Enable user's ability to disable Symantec Endpoint Protection on Clients for trobleshooting purpose (temporarily)."
Go to the Specific client group --> Policies --> Location specific setting --> Client user interface settings --> Edit settings --> check Allow user to enable and disable firewall
Check on client, as you can see tab is Enabled.
Again, Check this Thread:
Hope that helps!!