You have DLP Endpoint agents installed and working correctly while on the LAN: policies are received, incidents are reported, and so on.
However, when the endpoint connects through Microsoft Direct Access, you notice that the agent receives no DLP policy changes. You can ping the detection server and telnet to port 10443 on it, yet no incidents are created until the agent reconnects to the LAN.
FINEST level logs from the Endpoint Agent show messages such as:
8024 | FINEST | Communication.CurlTransportLayer | TransportDisconnectionInformation [DisconnectReason: FAILURE_TO_CONNECT, TransportErrorCode: SERVER_UNREACHABLE, ErrorMessage:Libcurl Error: '7'. Error Message: Couldn't connect to server. Last Error String: Failed to connect to <DetectionServerName.YourCompany.com> port 10443: Timed out
Microsoft Direct Access supports IPv6 connections only. All current versions of the DLP Endpoint Agent require native IPv4 connectivity.
See this extract from the DLP administrator guide (version 15.1):
Symantec Data Loss Prevention IPv6 support is limited to [Network] monitoring [solution]. The Enforce Server administration console must still be deployed on an IPv4 network; there is no support for command and control functionality over IPv6. This release does not include support for:
Only the Network Monitor solution currently supports IPv6.
An enhancement request has been logged, but currently no release version has been assigned.
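To confirm this condition on a Direct Access client, the following PowerShell diagnostic (an added example, not part of this article or of the DLP product) tests the TCP connection to port 10443 separately for each address family the detection server name resolves to. It assumes Windows 8 / Server 2012 or later (Resolve-DnsName, optional Get-DAConnectionStatus); the server name and the helper Test-TcpFamily are placeholders.

```powershell
# Added diagnostic, not from the KB: show whether TCP port 10443 on the detection
# server is reachable over native IPv4 (what the DLP agent needs) versus IPv6 only
# (what Direct Access provides). $Server is a placeholder; set it to your server FQDN.
param(
    [string]$Server = 'DetectionServerName.YourCompany.com',
    [int]$Port = 10443
)

# Direct Access client state, when the client-side module is present (Windows 8+).
if (Get-Command Get-DAConnectionStatus -ErrorAction SilentlyContinue) {
    $da = Get-DAConnectionStatus
    Write-Host ("DirectAccess: {0} / {1}" -f $da.Status, $da.Substatus)
}

function Test-TcpFamily {
    # Connects to one literal address so the result is pinned to a single IP family;
    # returns $true only if the TCP handshake completed within the timeout.
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 5000)
    $ip = [System.Net.IPAddress]::Parse($Address)
    $client = New-Object System.Net.Sockets.TcpClient($ip.AddressFamily)
    try {
        $ar = $client.BeginConnect($ip, $Port, $null, $null)
        # A wait that expires here is the same symptom as libcurl error 7 "Timed out".
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($ar)
        return $client.Connected
    } catch { return $false }
    finally { $client.Close() }
}

foreach ($type in 'A', 'AAAA') {
    $addrs = @(Resolve-DnsName -Name $Server -Type $type -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq $type } | ForEach-Object { $_.IPAddress })
    if (-not $addrs) { Write-Host ("{0,-4} : no records" -f $type); continue }
    foreach ($addr in $addrs) {
        $ok = Test-TcpFamily -Address $addr -Port $Port
        $state = if ($ok) { 'OPEN' } else { 'TIMEOUT/REFUSED' }
        Write-Host ("{0,-4} : {1,-40} port {2} {3}" -f $type, $addr, $Port, $state)
    }
}
# Reading the result: AAAA OPEN while A is absent or TIMEOUT is the Direct Access case
# in this article; ping and telnet succeed over IPv6 while the agent's IPv4 connect times out.
```

Run it once on the LAN and once over Direct Access; the agent only functions where the IPv4 (A) connect reports OPEN.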