Fix the location awareness slowness on SEP 12
We've been using SEP 11 for years to protect our mobile users laptops (1000+ people). We use the location awareness feature to adapt the firewall policy to the current location of the user. For example, if the laptop is outside our network, the firewall blocks everything. If the laptop is inside our network (or connected with a VPN), the firewall allows the connections to our systems. To achieve this, we use network detection rules in SEP, based on the interface name, IP addresses or the DNS suffix.
But with SEP 12, this location awareness feature has become very slow. For example, when our users connect in VPN to the headquarters, they switch from the location "outside" to the location "connected in VPN". The VPN connection itself is very quick, about 5 seconds. However, it takes ages to SEP to detect the location switch and allow the connections, maybe 1 mn. This is a very long time for the users, as they aren't even warned about this behavior by SEP.
According to this : TECH163097, the initial behavior was modified in SEP 12.1 and introduced a 30-60s delay for every location switch. This is way too much. The workaround is to not use network-based rules. So we are stuck with regular DNS/ICMP pings to identify the current location. These protocols are not reliable and if a packet is lost (for example if connected over a WAN/in mobile broadband), the location switches to the default and the connections are dropped.
We've been told by the technical support that this is "by design". But now the feature is clearly not usable anymore.
Please fix the location awareness feature as we won't upgrade all our users to SEP v12.