Hi David I am an old Sygate (then SEP) Administrator.
Back in 2005 we had similar issues and one day, I don't remember where, I found this
"Mail clients for POP3/SMTP/Lotus NRPC fail and certain web pages fail to load; mostly noticed with but not limited to secure web logon web pages. If setting SPA to Allow All the web pages begin to load and mail is being sent, then this Advanced Rule should correct your problem.
You probably have a DSL broadband connection that is using a DSL/NAT device or home router. DSL uses a lower MTU value than the default value of 1500 assigned by Microsoft for your network card. The best value can vary per user but for most people the MTU value of 1492 is the highest value that can be set and works for most users. When your MTU value is set higher than what is being allowed by the DSL/NAT modem an ICMP packet Type 3 is sent back to your PC telling your PC the packet that was just sent is too big, make it smaller and send it again. SPA will block this request so you must create the Advanced Rule. Now once Type 3 is allowed the Type 4 should be accepted back but just in case we set the rule to accept both ICMP type 3 and 4."
--
As soon as I enabled ICMP type 3 and 4 the problem went away.
Funny enough today I had a few people reporting the same problem, when we migrate to SEP I have refreshed the policies and forgotten about it ;)
So I looked on the forum and I found your post, and remembered the FIX (at least for us)
Hope it helps
Alex