Hello Anil,
Please find the following whitepapers for NTP and how to block ports using the SEPM firewall.
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007121714495348
If you see excessive traffic to or from particular ports related to a threat, you can block those ports with Firewall rules.
1. Click on Policies > Firewall
2. Click on Add a Firewall Policy
   Alternately, you can modify an existing policy:
   1. Select that policy
   2. Choose Copy the Policy
   3. Click on Paste a Policy
   4. Highlight the copy
   5. Choose Edit the Policy
3. Change the Policy Name (i.e. "At Risk Systems Firewall policy")
4. Click on Rules
5. Click Add a Blank Rule
6. With the new rule highlighted, click on Move Up multiple times until it is at the top of the list
7. Add a Service for the rule to trigger on:
   1. Right-click in the Service column for this new rule
   2. Click Add
   3. Verify the Protocol is set to TCP, and that Local/Remote is selected
   4. In the Remote Port field, enter the port that is being used by the threat (i.e. 12345)
   5. For Direction, select Outgoing
   6. Click OK
8. Right-click in the Action column for this rule, and select Block
9. (Optional) Right-click in the Logging column for this rule, and select Write to Packet Log
10. Click OK
11. Right-click on the Policy, and choose Assign
12. Check the box for the group created earlier, and click Assign
Notes:
- If the traffic is inbound to a local port, create the rule as above, but enter the port number in the Local Port field (leaving Remote Port empty), and select Incoming as the direction
- If the threat spreads through open shares, block all incoming traffic to ports 137 and 445
- Be careful when blocking the ports needed by SEP for communication (Ports used for communication in Symantec Endpoint Protection 11.0), or any ports necessary for other types of communication (i.e. 20, 21, 80, etc.). This can cause critical applications not to communicate as needed.
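
Why step 6 moves the new rule to the top, shown as an added example that is not part of the original post or Symantec's code: a simplified first-match model, assuming rules are evaluated top-down and the first matching rule decides. The rule names, the "Allow outbound TCP" rule and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "block" or "allow"
    protocol: Optional[str] = None     # None means "any"
    direction: Optional[str] = None    # "outgoing" or "incoming"
    local_port: Optional[int] = None   # used for inbound rules (see Notes)
    remote_port: Optional[int] = None  # used for outbound rules (step 7.4)

    def matches(self, pkt: dict) -> bool:
        fields = ("protocol", "direction", "local_port", "remote_port")
        return all(getattr(self, f) is None or getattr(self, f) == pkt[f]
                   for f in fields)


def evaluate(rules, pkt):
    """Return (action, rule name) of the first matching rule, else None."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return None


# Constructed rules: a broad allow rule already in the copied policy,
# the outbound block from step 7, and the inbound share block from the Notes.
ALLOW_OUT = Rule("Allow outbound TCP", "allow", "TCP", "outgoing")
BLOCK_THREAT = Rule("Block threat port", "block", "TCP", "outgoing",
                    remote_port=12345)
BLOCK_SHARES = Rule("Block inbound 445", "block", "TCP", "incoming",
                    local_port=445)

# Constructed packets as seen from the protected client.
THREAT_OUT = {"protocol": "TCP", "direction": "outgoing",
              "local_port": 49152, "remote_port": 12345}
WEB_OUT = {"protocol": "TCP", "direction": "outgoing",
           "local_port": 49153, "remote_port": 80}
SHARE_IN = {"protocol": "TCP", "direction": "incoming",
            "local_port": 445, "remote_port": 50000}

if __name__ == "__main__":
    # New rule left at the bottom: the broad allow rule matches first.
    print(evaluate([ALLOW_OUT, BLOCK_THREAT], THREAT_OUT))
    # New rule moved to the top (step 6): the block takes effect.
    print(evaluate([BLOCK_THREAT, ALLOW_OUT], THREAT_OUT))
    # Other outbound traffic is unaffected by the narrow block rule.
    print(evaluate([BLOCK_THREAT, ALLOW_OUT], WEB_OUT))
    # Inbound variant from the Notes keys on the local port.
    print(evaluate([BLOCK_SHARES, BLOCK_THREAT, ALLOW_OUT], SHARE_IN))
```
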