Nisha,
We have our group policies within SEPM setup in a similar fashion in that clients which are primarily internal to the firewall will only pull updates from our SEPM server.
Just today we noticed in our firewall several clients are accessing an IP address of 143.127.102.41 which is one bit off from the one you've noticed which also belonging to Symantec.
My thoughts are that this traffic is submissions to Symantec's repository for huristical and reputation-based data protection (see attached screen shot).
I'm now testing this theory by temporarily turning off these submissions in my client and monitoring the firewall logs from my PC. I stress temporarily because I believe this data collection to be an important tool for Symantec in determining what is and isn't a threat however, If this turns out to be the case I am hoping we can use our SEPM server as a proxy to handle this reporting much like it does our definition updates.
To turn off the submissions do the following:
Open SEP client > Change Settings > Configure Settings for Client Management > Submissions tab > Heed warning and deselect all
I will post back after some monitoring with my results.
Chris