Default Deny in Firewall is too silent
Created: 24 Aug 2009
Hello,
I'd like to request that the Network Threat Protection Firewall have an explicit Default Deny statement listed in the rules that is NOT allowed to be unchecked, as a reminder that when the clients are in "Server Control" there is a default deny rule that, as of now, you cannot see and that does not log the blocks. And vice versa, a Firewall rule that is Default ALLOW when in client or mixed mode control.
I understand and agree a default deny is best practice; however, with the way SEP11 is designed currently, it's all too easy to change something seemingly unrelated to the Firewall which then starts blocking TCP and ICMP at the client level.