you just need to click on fix all to trun on the firewall. You dont get that option?
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007110514540148

One of the users sent me this screenshot.
Where is this button supposed to be?

click on options near the NTP ,you will get option for enabling it..

You are right, this is the case.
But it does not activate the firewall at all when you click on "Enable Network Threat Protection".

Regarding this "Fix"-button: When logged in as local administrator, this button is available.

check the value of registry key when you enable and disable it

https://www-secure.symantec.com/connect/articles/symantec-endpoint-protection-few-registry-tweaks

sepm , did you allow your users to disable and enable NTP
open sepm
clients - policies- location specific
click on server control
check if you have enabled users to activate NTP

open sepm
clients - policies- location specific
click on server control--customize 
any time you specified before re-enabling network protection?

@ Rafeeq:
I have checked the Registry on the user's machine.
After re-activating NTP as user, the value of the key does not change from 0 to 1.
When re-activating NTP as local administrator, it changes to 1.

On the SEPM, the settings are like this, yep.
I allow the user via location specific settings to deactivate NTP.

@ AravindKM:
any time you specified before re-enabling network protection?
What do you mean with this?

No problem.
I did not activate this option.

This seems quite strange to me ... May it be because the SEP11-Client Version installed on these Clients is 11.0.4014.26 and the SEPM runs on 11.0.5002.333?

I am not finding a fix in 11.0.5 anyway just for testing try it..

Happy to hear your problem got solved..