Symantec Management Agent is connecting to the Gateway as the LAN connection is not available, but does not switch back when the LAN is available.
The customer has changed to a VPN connection but the Agent CEM Mode still displays Cloud-enabled Management mode is active.

Reproduce:

1. Agent is connected to the Gateway / CEM Mode, possibly using the Wireless NIC, or before company VPN is online. 
2. System switches to NIC (putting the system to sleep, or direct connection) which is on the Corporate LAN.
3. The agent will keep the connection to the Gateway if it is still accessible, never trying to connect via the LAN.

Disconnecting all connections and then connecting to the LAN would allow the agent to connect back via the LAN.

In 8.5 RU2 the Agent will be more aggressive at connecting back to the LAN if it's in CEM Mode.

A workaround is to not allow the agents on the LAN access to the Gateway.