When managing some Symantec Messaging Gateway (SMG) scanners, you observe that some scheduled tasks or audit log queries fail and leave a timeout error in the BrightmailLog.log
This is an issue with how some network hardware interacts with how SMG distributes network traffic across the Control Center - Agent connections.
The Control Center opens two persistent connections to the agent on each SMG scanner and distributes transactions across these connections. This distribution of traffic does not appear to be well load balanced and one of the connections may go idle for thirty minutes and sometimes up to an hour as all traffic is handled by the other connection. This can cause some network hardware like firewalls or load balancers which maintain an internal list of active connections to silently drop the idle connection from their list or otherwise reset it. When the Control Center later attempts to reuse the dropped or reset connection, the transaction it attempts to assign to that connection will fail with either a time out or network error depending on whether the connection was silently dropped or reset.
This appears to primarily be an issue with connections to scanners in remote data centers as those environments are more likely to have connections traversing firewalls and similar network hardware but may occur in other network environments.
Ensure that idle TCP connections to port 41002 are not dropped by network hardware for at least 60 minutes as this will reduce the frequency with which a connection is idle long enough to be timed out.
This issue is being investigated by Symantec product engineering and may be addressed via changes to the software in a later release.
Symantec Messaging Gateway