CAM Communication issue with Symantec Endpoint Protection (SEP).

CAM communication does not work with the default UDP packet size of 8397 bytes. There are network errors seen in the CAM logs as below.

15:40:39.492 send_message(): Seq 2428, XX, from SERVERABC.ABC.CA.COM/CAI001344-00036, to 10.1.1.11/U-SECTOR_SRV, len 1359, data >Caxxxx<, created 31935, life 0, notifFy: yes, flags: 1, src 10.1.1.8, dst 10.7.48.11 

15:40:40.508 timer: discarding message sequence 2428 

15:40:40.508 start_poll( 10.1.1.11:4104, index 0 ) called 

15:40:40.508 bounce() called 

15:40:40.508 discarding message (reason: network error) ... 

15:40:40.508 bounce(): Seq 2428, XX, from SERVERABC.ABC.CA.COM/CAI001344-00036, to 10.1.1.11/U-SECTOR_SRV, len 1359, data >Caxxxx<, created 31935, life 0, notify: yes, flags: 1, src 10.1.1.8, dst 10.1.1.11 

15:40:40.508 swap_addr() called 10.1.1.11/U-SECTOR_SRV->SERVERABC.ABC.CA.COM/CAI001344-00036 

Camping and Nping (Nmap.org) seem to work with large UDP packet size of 10000 bytes confirming that there are no UDP packet drops.

This problem may happen due to 'Symantec Endpoint Protection'. 

Symantec Endpoint Protection (SEP) supports the following actions - where the traffic is allowed or blocked or the user is prompted.

• Allow

  Allows any communication of this type to take place.

• Block

  Prevents any communication of this type from taking place.

• Ask

  Asks the user to allow or block the traffic.

However, for some reason instead of blocking or allowing traffic, SEP was allowing smaller UDP packet size with CAM fragment size set to 1024 but was blocking 5% of larger UDP packet sizes randomly. 

The only way to get around this problem is to uninstall Symantec Endpoint Protection as disabling SEP still locks down the system.

If you experience similar behavior, please open a support issue with Symantec.