SSL session log shows "Bad Mac Error" as following cases.
Retransmission packets is not same as original packet.
For example, original data were several packets but retransmit is one packet as following
[original packets]
105284 20xx-xx-xx xx:xx:33.457000 xx.xx.xx.xx xxx.xxx.xxx.xx TLSv1.2 325 7391 Application Data
Sequence number: 41136 (relative sequence number)
Next sequence number: 41407 (relative sequence number)
105292 20xx-xx-xx xx:xx:33.567000 xx.xx.xx.xxx xxx.xxx.xxx.xx TLSv1.2 163 7391 Application Data
Sequence number: 41407 (relative sequence number)
Next sequence number: 41516 (relative sequence number)
......
[retransmit packet]
105339 20xx-xx-xx xx:xx:34.143000 xx.xx.xx.xxx xxx.xxx.xxx.xx TCP 1414 7391 [TCP Retransmission] 8080 → 50278 [ACK] Seq=41136 Ack=25939 Win=65535 Len=1360
Sequence number: 41136 (relative sequence number)
Next sequence number: 42496 (relative sequence number)
SSL Visibility Version 3.x
Retransmission packets is not same as original packet.
This behavior is based on design specification on SSL Visibility Version 3.x
Upgrade to SSL Visibility version 4.xx.
Please check SSL Visibility release note before upgrade to 4.x.x.
You can download release note and install image from MySymantec.