Endpoint Protection

  • 1.  SEP Firewall Questions

    Posted Mar 10, 2016 04:38 PM

    I have some questions about how the SEP Firewall works:

    1. If I create a firewall policy with no rules, how will it behave?  Will it allow all traffic? Block all traffic? Allow all outbound but block inbound?

    2. I've always assumed that the SEP Firewall is stateful.  Is that true?  Reading the help files about Source/Destination vs Local/Remote almost sounds like it isn't stateful.  The online documentation states for source/destination:

    If the client communicates with a Web server and the traffic is inbound, then the source host is the Web server; the destination host is the client. If the traffic is outbound, the source host is the client and the destination host is the Web server.

    This is not true for a traditional stateful firewall.  In a stateful firewall, the client would initiate a connection with the web server, and the response from the web server would be handled under the same rule. I'm pretty sure the SEP firewall is stateful, otherwise we would have to allow all inbound traffic to let a web server reply to an HTTP request.  Seems like the documentation is wrong.

    3. How do I create a firewall rule that allows all outbound traffic from me (local) but blocks all inbound traffic that isn't in response to a request from me?

    4. Why do you even have options to select IP ranges, subnets, DNS names, etc. for the Local option when you use Local/Remote?  Isn't Local always "me" and only "me"?

     

    Thanks!

     

    Paul



  • 2.  RE: SEP Firewall Questions

    Trusted Advisor
    Posted Mar 11, 2016 04:33 AM

    Hi Paul,

    This should answer the firewall-specific questions:
    https://support.symantec.com/en_US/article.HOWTO80974.html

    To set up specific location-based firewall rules, you'd be better off using location awareness; then you can use the rules to allocate specific firewall policies (block/allow traffic, etc.) based on the user's location (see the links below for more information).

    Best Practices for Symantec Endpoint Protection Location Awareness
    http://www.symantec.com/docs/TECH98211

    Location Awareness Logic 
    http://www.symantec.com/docs/TECH97097

    How to configure mobile computers to automatically download virus definitions when disconnected from the Symantec Endpoint Protection Management console
    http://www.symantec.com/docs/TECH104571

    How to Use Location Awareness as Fault Tolerance for Content Updates
    http://www.symantec.com/docs/TECH94265

    Check this forum:
    https://www-secure.symantec.com/connect/forums/location-awarness



  • 3.  RE: SEP Firewall Questions

    Posted Mar 11, 2016 08:47 AM

    Those are great articles (except TECH94265, which Symantec isn't finding), but none of them answer any of my questions.  (BTW, I am very familiar with location awareness and have used it for years.)

    Hoping someone with a detailed understanding of how the SEP firewall works can answer these.