WSS Agent is not fully loaded after installing via an MDM. The command systemextensionsctl list shows that the WSS Agent network extension is being loaded and activated.
% systemextensionsctl list
* * Y2CCP3S9W7 com.symantec.wssa.wssax (7.5.1.16390/7.5.1) WSSA Network Extension [activated enabled]
error 20:56:34.918236-0600 nesessionmanager Failed to create a designated requirement from anchor apple generic and identifier
"com.symantec.wssa.wssax" and (certificate leaf[field.1.2.840.113635.100.6.1.9] / exists / or
certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists / and
certificate leaf[subject.OU] = Y2CCP3S9W7)
To resolve the problem, make sure that the VPN profiles were configured correctly and are identical to those instructions provided in the article: Install WSS Agent on macOS Big Sur under MDM—New Installations on Big Sur.
The Provider Designated Requirement should be as shown below. It SHOULD be /* exists */.
anchor apple generic and identifier "com.symantec.wssa.wssax" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */
or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */
and certificate leaf[subject.OU] = Y2CCP3S9W7)