The topic and or point of this thread is to ask the engineers, and customers, the best fit for satisfying the end users ability to get more done in less time, and the ability to protect a system.
The main topic I’m concerned with is the firewall, with AV it can be scaled and tuned to fit the specific needs (Locations for developers where SONAR or Legacy True scan is peeled back a bit), you can use 3rd party products to manage application and device control, and use mostly out of the box IPS policies (Unless you have copious amounts of spare time to do nothing but write custom IPS signatures. My main focus for this thread is the Firewall, and the best balance to use.
I would envision separate policies, so while inside my perimeter that’s a given and well protected, however outside is the one in question. If you say "prompt for access" it at times, and in many cases, causes a plethora of notices for end users. If the point is to make Symantec NOT STINK (Sorry Symantec, just how I feel at the given moment, hopefully you can build my trust back), then having constant pop-up seems like a good way to control things from a security perspective, but can potentially irritate the end user. So this leads to my question, what are you doing?
What do other high license count engineers do, i.e. 5K+ SEP Clients or more. If you want to NOT leave a bad taste in someone’s mouth from a deployment, are you using some magic with your firewall, not using it at all, etc..
Welcome any feedback, and appreciate it in advance