There are multiple client machines outside the internal network that are in CEM (Cloud-Enabled Management) mode that are displaying the following status under the "Task Status" tab while connected to a Task Server:

"Tickle connection: Not Connected"

ITMS 7.x, 8.x

Working as designed. The agents assigned to the internet site server will obtain tasks from this server, but not through the normal tickle method; The ports used for the tickle mechanism (usually ports 50120 through 50124) are not reliable on the Internet and would open security risks. For this security reason, the client task agent tickle is disabled on a cloud-enabled agent. While not in real time, tasks will still be received by the agent when it performs its routine check for tasks, which by default is every 30 minutes.

Per "What Functions Are Supported?" section (refer to page 7) in our "Cloud-Enabled Management for ITMS" white paper:

https://techdocs.broadcom.com/content/dam/broadcom/techdocs/us/en/dita/symantec-security-software/endpoint-security-and-management/it-management-suite/generated-pdfs/cloud_enabled_management_for_itms.pdf

“The task service can only be installed on site servers that are within the SMP Server network infrastructure. If you assign one of these task servers to an Internet site server, the agents assigned to the site will obtain tasks from this server, but not through the normal tickle method.   The client task agent tickle is disabled on a cloud-enabled agent. Tasks will be received by the agent when it performs its routine check for tasks, which by default is every 30 minutes.  Tasks can be received more quickly by using Time Critical Management’s persistent connections.”