Make sure your rules for BES, Exchange, and DCs are set up correctly. When traffic is passed through the firewall, it will check each rule in order starting from the top. Once a match is made, the policy stops at that rule and all other rules below will be ignored. I would try testing the policy with an "Allow All" rule at the top, then moving it down one rule at a time till you get to the problem rule. Troubleshoot the FW policy from there.
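The first-match behaviour and the "move Allow All down" procedure from the post above, modelled as an added example that is not part of the original post and is not Symantec's code. The rule names, host names, ports and the `Rule` model are constructed for illustration, and unmatched traffic is assumed to be blocked.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "block"
    port: Optional[int]    # None matches any port
    remote: Optional[str]  # None matches any remote host

    def matches(self, port, remote):
        return self.port in (None, port) and self.remote in (None, remote)

ALLOW_ALL = Rule("TEMP Allow All", "allow", None, None)

def first_match(rules, port, remote):
    """Evaluate top to bottom; the first matching rule wins, the rest are ignored."""
    for rule in rules:
        if rule.matches(port, remote):
            return rule
    return None  # assumption in this model: no match means blocked

def is_allowed(rules, port, remote):
    hit = first_match(rules, port, remote)
    return hit is not None and hit.action == "allow"

def find_problem_rule(rules, port, remote):
    """Insert Allow All at the top, then one position lower each pass.
    The first pass where traffic fails names the rule just moved above it."""
    for pos in range(len(rules) + 1):
        trial = rules[:pos] + [ALLOW_ALL] + rules[pos:]
        if not is_allowed(trial, port, remote):
            return rules[pos - 1]
    return None  # traffic passes at every position: no rule is blocking it

# Constructed sample policy: the block rule sits above the BES allow rule
# and shadows it, so the BES rule is never reached.
POLICY = [
    Rule("Allow DNS to DC", "allow", 53, "dc01"),
    Rule("Block TCP 3101", "block", 3101, None),
    Rule("Allow BES", "allow", 3101, "bes01"),
    Rule("Allow Exchange", "allow", 135, "exch01"),
    Rule("Block all", "block", None, None),
]

if __name__ == "__main__":
    culprit = find_problem_rule(POLICY, 3101, "bes01")
    print("BES traffic is stopped by:", culprit.name if culprit else "nothing")
```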
Check this -
Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/d29b17f62f36c49f882573b400333bd4?OpenDocument
Moving to the Endpoint Protection forum.