You have DLP Endpoint Agents installed and working correctly on the LAN: policies are received, incidents are reported, and so on.
However, when an endpoint connects through Microsoft Direct Access, the agent receives no DLP policy changes. You can ping the detection server and telnet to port 10443 on it, yet no incidents are created until the agent reconnects to the LAN.
FINEST level logs from the Endpoint Agent show messages such as:
8024 | FINEST | Communication.CurlTransportLayer | TransportDisconnectionInformation [DisconnectReason: FAILURE_TO_CONNECT, TransportErrorCode: SERVER_UNREACHABLE, ErrorMessage:Libcurl Error: '7'. Error Message: Couldn't connect to server. Last Error String: Failed to connect to <DetectionServerName.YourCompany.com> port 10443: Timed out
Microsoft Direct Access supports IPv6 connections only. All current versions of the DLP Endpoint Agent require native IPv4 connectivity.
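To tell the two paths apart on an affected endpoint, the following added Python diagnostic (not part of this article or of the DLP product) resolves the detection server name, attempts a TCP connect to port 10443 separately over IPv4 and over IPv6, and reports when only an IPv6 path exists, which is the situation in which ping and telnet succeed but the agent cannot connect. The hostname placeholder and the injectable resolver/connect parameters are assumptions made so the logic can be checked offline.

```python
import socket
import sys

DLP_PORT = 10443  # detection server port named in the agent log above


def resolve_families(host, resolver=socket.getaddrinfo):
    """Return {'ipv4': [...], 'ipv6': [...]} for host; resolver is injectable for offline checks."""
    out = {"ipv4": [], "ipv6": []}
    try:
        infos = resolver(host, DLP_PORT, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return out
    for family, _type, _proto, _canon, sockaddr in infos:
        if family == socket.AF_INET:
            out["ipv4"].append(sockaddr[0])
        elif family == socket.AF_INET6:
            out["ipv6"].append(sockaddr[0])
    return out


def tcp_connect(addr, family, port=DLP_PORT, timeout=3.0):
    """Attempt a TCP handshake over exactly one address family (what libcurl needs to succeed)."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
            return True
    except OSError:
        return False


def verdict(v4_reachable, v6_reachable):
    """Interpret probe results in DLP Endpoint Agent terms: the agent needs native IPv4."""
    if v4_reachable:
        return "OK: detection server reachable over IPv4; agent communication should work"
    if v6_reachable:
        return "IPv6-only path (e.g. Direct Access): ping/telnet succeed but the agent cannot connect"
    return "Unreachable over both families: check DNS, routing and firewall"


def diagnose(host, resolver=socket.getaddrinfo, connect=tcp_connect):
    fams = resolve_families(host, resolver)
    v4 = any(connect(a, socket.AF_INET) for a in fams["ipv4"])
    v6 = any(connect(a, socket.AF_INET6) for a in fams["ipv6"])
    return verdict(v4, v6)


def constructed_resolver(v4=(), v6=()):
    """Build a getaddrinfo-shaped resolver from constructed addresses (offline checks only)."""
    def _resolve(host, port, **_kw):
        rows = [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (a, port)) for a in v4]
        rows += [(socket.AF_INET6, socket.SOCK_STREAM, 6, "", (a, port, 0, 0)) for a in v6]
        if not rows:
            raise socket.gaierror("constructed: no records")
        return rows
    return _resolve


if __name__ == "__main__":
    # Placeholder hostname; pass the real detection server name as the first argument.
    print(diagnose(sys.argv[1] if len(sys.argv) > 1 else "DetectionServerName.YourCompany.com"))
```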
See the following extract from the DLP administrator guide (version 15.x):
Symantec Data Loss Prevention IPv6 support is limited to [Network] monitoring [solution]. The Enforce Server administration console must still be deployed on an IPv4 network; there is no support for command and control functionality over IPv6. This release does not include support for:
Prior to DLP 16.0, only the Network Monitor solution supported IPv6.
IPv6 support for the DLP Agent was added in the DLP 16.0 release. Please refer to the link below: