Endpoint Protection

I have a problem where our machines suddenly can't connect from an untrusted network to our VPN.  It fails on the DNS lookup of the name of the destination VPN server.  If I put in the IP address of the destination VPN server, it works.

While still using the DNS name of the destination VPN server as the target in our Avaya VPN client, when SEP is enabled it fails every time on the lookup.  If I right-click on the SEP tray icon and select Disable Symantec Endpoing Protection, it still fails.  But, if I run an smc -stop from the command prompt to completely stop SEP, then it works.

Also, if I stop SEP and connect to VPN once, then disconnect, and restart SEP, it will work the second time.  I think that's because the IP associated with the target DNS name is cached for a short period of time.  If I reboot the machine, I'm back to square one where the machine can't connect again.

In the traffic log, I don't see any blocked outbound DNS requests.  I'm not sure what to do here.  Which things are turned off when you run smc -stop that would still be running when you select the Disable Symantec Endpoint Protection system tray option?  There seems to be a difference and whatever that difference is seems to be stopping the DNS lookups.  I don't see any security alerts in any of the logs.

by any chance do you have your location switching condition set to check on the DNS and the VPN clients ?

I'm not sure what you mean by that.  I am using location switching, and the firewall rules are restrictive when you are connected to an untrusted network.  But, when I use the system tray "Disable Symantec Endpoint Protection" option, then firewall rules should no longer be active.

navigate to clients tab and the select policies tab and look for "manage location". now select each locations one by one, and especially your VPN/OOO location if any and see what are the condition set on the right hand side.