DLP 16.0.2
Platform hosted on VMware
Too many dead detectors configured in the Enforce console.
After further review of the issue, we found the accept timeout was being triggered after 60 seconds at the detector, triggering a disconnect from Enforce.
While the detector is waiting for an SSL connection, Enforce is rotating through ALL DLP servers, including dead servers.
For each dead server configured in Enforce, it takes time to resolve the name, connect to the returned IP, and establish the initial connection.
The root cause is that the 60-second timeout ceiling on the detectors is being breached, because the software takes more than 60 seconds to rotate through ALL the configured detectors.
The solution is to remove the dead detectors from the console.
Workaround: configure dead detectors with a non-routable IP address.
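To find which configured detectors are dead and how much time they add to one rotation, the following added example (not part of the original article and not Symantec tooling) times a name lookup plus TCP connect for each host in sequence and compares the total with the 60-second ceiling. The port 8100, the 10-second connect timeout, and the function names are assumptions; use the port your detectors listen on and run the script from the Enforce server.

```python
import socket
import sys
import time

ACCEPT_TIMEOUT_S = 60.0  # detector accept-timeout ceiling stated in the article


def probe(host, port, timeout):
    """Resolve and TCP-connect once; return (ok, elapsed_seconds, detail)."""
    start = time.monotonic()
    try:
        # create_connection does the name lookup and the connect, the steps
        # the article says are slow for dead servers. The timeout bounds the
        # connect only; a slow DNS lookup is measured as-is.
        with socket.create_connection((host, port), timeout=timeout):
            return True, time.monotonic() - start, "connected"
    except OSError as exc:  # covers resolution failure, refusal, timeout
        return False, time.monotonic() - start, type(exc).__name__


def rotation_report(detectors, port=8100, timeout=10.0, probe_fn=probe):
    """Probe each detector in turn, modelling a sequential rotation."""
    rows, total = [], 0.0
    for host in detectors:
        ok, elapsed, detail = probe_fn(host, port, timeout)
        total += elapsed
        rows.append({"host": host, "ok": ok, "seconds": elapsed, "detail": detail})
    return {
        "rows": rows,
        "total_seconds": total,
        "dead": [r["host"] for r in rows if not r["ok"]],
        "breaches_ceiling": total > ACCEPT_TIMEOUT_S,
    }


if __name__ == "__main__":
    # Usage: python rotation_check.py detector1.example detector2.example ...
    report = rotation_report(sys.argv[1:])
    for r in report["rows"]:
        state = "up" if r["ok"] else "DEAD"
        print(f'{r["host"]:<40} {state:<5} {r["seconds"]:6.1f}s  {r["detail"]}')
    print(f'rotation total {report["total_seconds"]:.1f}s '
          f'(ceiling {ACCEPT_TIMEOUT_S:.0f}s) breached={report["breaches_ceiling"]}')
```

Hosts listed under `dead` are the candidates to remove from the Enforce console; rerun after removal to confirm the rotation total is back under the ceiling.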