I got answer to my first problem.
This is what Symantec says
Resolution:
The unmanaged client installed from the CD does not include the rule to allow EAPOL* communication.
There are 4 options below to resolve this issue:
1. Install a managed client with the EAPOL rule allowed
2. Install an unmanaged client that has been exported from the Symantec Endpoint Protection Manager (SEPM)
console—It will include a rule to allow EAPOL
3. Generate a policy file allowing EAPOL from SEPM that can be imported on the client so that the traffic is allowed
4. Set a rule on the client to allow all traffic
* The Rule is called EAPOL in the management server.