IP addresses in Agent connection status are from the wrong network relative to the reported detection server
Article ID: 225231
Data Loss Prevention Endpoint PreventData Loss Prevention
You are running detection servers both on the corporate network and in a DMZ accessible to internet based agents.
You notice in the Enforce console that a proportion of agents are reporting an IP address that cannot be accurate, given the name of the detection server they are reporting to. Eg some agents are reporting IP address ranges that are on the corporate LAN whilst the detection servers they are reporting to are listed as DMZ servers.
Release : 15.8, 15.7
Component : Endpoint agent/Network Configuration
Adopting best practices for load balancing can help with this issue (see below)
Not setting the agent polling interval lower than the default of 900 seconds (15 minutes) may also be significant
Other causes will be addressed in a future product version, expected in 15.8 MP2