Symantec Endpoint Protection Manager (SEPM) replication fails after up to 4 hours.
SEPM console shows replication status as "Failed".
When the SEPM log level is set to FINEST, the replication log of one of the replication partners, in the Tomcat logs folder (by default C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs), shows messages similar to the following:
During a replication, a SEPM establishes a TCP connection to its partner and requests changes from the partner. Upon receiving the request, the partner retrieves the changes (since the last successful replication) from its database and compresses them into a zip file. For the reasons described in this article, this step can take a long time, and for its whole duration the TCP connection is idle. If this idle time is longer than the firewall's session timeout, the firewall removes the connection from its session table, and the replication fails.
This issue has been fixed in Symantec Endpoint Protection 11 Release Update 7 (RU7). For information on how to obtain the latest build of Symantec Endpoint Protection, read TECH 103088: Obtaining an upgrade or update for Symantec Endpoint Protection or Symantec Network Access Control. The product has been enhanced to send "keep-alive" packets while the TCP connection is idle during SEPM replication. If you are not able to upgrade to RU7, you can work around the issue by reducing the amount of data replicated and increasing the firewall session timeout so that the replication can complete.
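The following is an added example, not Symantec's code, that shows the mechanism behind the RU7 fix on a plain Python socket: TCP keep-alive probes are sent while the connection is idle so that the firewall's idle timer is reset before the session expires. The 30-minute timeout is the Juniper Netscreen default quoted in this article; the 2-hour idle period, the probe count and the probe interval are constructed values, and the socket option names are the Linux ones with the macOS spelling as a fallback.

```python
"""Added example (not Symantec's code): TCP keep-alive applied to a socket, plus
a small model of the failure described in the article (idle connection dropped
by a firewall whose session timeout is shorter than the idle period)."""
import socket

# From the article: Juniper Netscreen default session timeout is 30 minutes.
NETSCREEN_DEFAULT_TIMEOUT_S = 30 * 60


def keepalive_idle_for(firewall_timeout_s, probes=3, interval_s=10, margin=0.5):
    """Return a keep-alive idle time (seconds) that fires well before the firewall
    drops the session. `margin` is the fraction of the timeout to wait before the
    first probe; the whole probe schedule must also fit under the timeout."""
    if firewall_timeout_s <= 0:
        raise ValueError("firewall timeout must be positive")
    idle = int(firewall_timeout_s * margin)
    if idle + probes * interval_s >= firewall_timeout_s:
        raise ValueError("probe schedule does not fit under the firewall timeout")
    return max(idle, 1)


def would_firewall_drop(idle_seconds, firewall_timeout_s, keepalive_idle_s=None):
    """Model the article's failure. Without keep-alive, the session is removed
    once the connection has been idle longer than the firewall timeout. With
    keep-alive, each probe resets the firewall's idle timer, so the session
    survives as long as the first probe is sent before the timeout."""
    if keepalive_idle_s is None:
        return idle_seconds > firewall_timeout_s
    return keepalive_idle_s >= firewall_timeout_s


def enable_keepalive(sock, idle_s, interval_s=10, probes=3):
    """Turn on TCP keep-alive on a socket. Option names differ per OS, so only
    the options this platform exposes are set. Returns the option names applied."""
    applied = []
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    applied.append("SO_KEEPALIVE")
    # Linux calls the idle timer TCP_KEEPIDLE; macOS calls it TCP_KEEPALIVE.
    for name in ("TCP_KEEPIDLE", "TCP_KEEPALIVE"):
        opt = getattr(socket, name, None)
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, idle_s)
            applied.append(name)
            break
    for name, value in (("TCP_KEEPINTVL", interval_s), ("TCP_KEEPCNT", probes)):
        opt = getattr(socket, name, None)
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, value)
            applied.append(name)
    return applied


if __name__ == "__main__":
    # Constructed scenario: the partner spends 2 hours compressing changes
    # while the connection sits idle behind a Netscreen with default settings.
    idle_period = 2 * 3600
    print("dropped without keep-alive:",
          would_firewall_drop(idle_period, NETSCREEN_DEFAULT_TIMEOUT_S))
    ka_idle = keepalive_idle_for(NETSCREEN_DEFAULT_TIMEOUT_S)
    print("keep-alive idle (s):", ka_idle, "dropped with keep-alive:",
          would_firewall_drop(idle_period, NETSCREEN_DEFAULT_TIMEOUT_S, ka_idle))
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print("options applied:", enable_keepalive(s, ka_idle))
```

The same check is useful for the workaround in the paragraph above: if the longest expected idle period during compression is known, compare it against the firewall's session timeout with would_firewall_drop before raising the timeout, rather than guessing.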
This problem can happen when there is a proxy firewall between the two SEPM replication partners and a large amount of data (usually hundreds of MBs) needs to be replicated, because:
- The two SEPMs have never replicated with each other before.
- The replication between the two SEPMs stopped for a long time and is now resuming.
- It is a large environment with thousands of clients.
The Juniper Netscreen firewall is known to cause this issue; its default session timeout is 30 minutes.