Another egress port was added into the network traffic mapping for a probe to inspect the same SMTP traffic as the Network Monitor but this resulted in no incidents because the traffic was no longer monitored.
Release : 15.8
Symantec Data Loss Prevention Network Monitor currently only recognizes one VLAN tag in the ethernet frame, and expects an IP packet after the VLAN tag. In the event multiple VLAN tags are present, Network Monitor only recognizes the first tag, and expects to see a properly formed IP packet following the tag. Since for multiple VLANs what follows the first tag are additional VLAN tags instead of a properly formed IP packet, Network Monitor will discard the entire frame as a malformed frame.
The reason we only support one level of VLAN tag is that for most of our customers, Network Monitor is deployed at the customer's network egress point before the traffic is sent out to the customer's ISP. In such common deployments, we do not anticipate the existence of nested/multiple VLAN tags in the network packet. Consequently, we focused our development effort on achieving high performance when processing ethernet frames, by not attempting to process additional VLAN tags that we do not expect to see.
Remove the probe which added more than two VLAN tags into the SMTP headers which caused the SMTP traffic to be unprocessed by DLP Network Monitor.