The management server list is key to making this work:
http://www.symantec.com/business/support/index?page=content&id=TECH104519
The Management Server List
Clients and Enforcers must be able to connect to management servers to download security policies and settings. The Symantec Endpoint Protection Manager includes a file that helps manage the traffic between clients, management servers, and Enforcers. This file specifies the management servers to which clients or Enforcers connect. It can also specify the management servers to which clients or Enforcers connect in case the default management server is not available. This file is referred to as a Management Server List.
A Management Server List includes the IP addresses or host names of management servers to which clients and Enforcers can connect. You can customize the Management Server List before you deploy any clients or Enforcers.
When the Symantec Endpoint Protection Manager is installed, it creates a default Management Server List in order to allow HTTP communication between clients, Enforcers, and management servers. The default Management Server List includes the IP addresses for all of the connected network interface cards (NICs) on all of the management servers at the site.
Although you cannot edit the default Management Server List, you can create a custom Management Server List. A custom Management Server List includes the exact management servers and the correct NICs to which you want clients to connect. In a customized list, you can also specify the HTTPS protocol, verify the server certificate, and customize the HTTP or HTTPS port numbers.
The Management Server List can also be used in conjunction with Location Awareness to ensure that clients connect to the most appropriate server for their location. For example, an "Out of Office" location may have a Management Server List that points the clients to connect to a redirected HTTPS port on the enterprise firewall.