Hi,
try this:
- in the Clients panel, create the groups you need if not done
- for the new group, select its Policies tab (on the top) and uncheck the inheritance of policies
- select the Policies panel (on the left), select Firewall and create a new firewall policy
- edit the new policy, for example disable the firewall and lock it down (click the small lock close to the changed option)
- assign the new policy to the target group
- wait an heartbeat and check the firewall status on the clients, it should be off
- end