The organization has an on-premises Symantec ProxySG that protects the corporate network. To enforce the local policies while users are connected to the corporate network, Unified Agent (UA) must go into a passive mode. Passive mode ensures that the local policies take effect on all user devices.
The following log entry indicates where the connection is forcibly closed by the remote host.
<16>[05-24-2016 10:35:05 (UTC+5:30)]: Tunnel error on tunnel(non-interactive-user): (10054) An existing connection was forcibly closed by the remote host
The host does not mean only the data center, but includes intermediate devices such as firewalls, proxies, and so on. If the proxy does not allow the connection to the data center, the UA cannot detect itself from the portal. The UA also is unable to enter passive mode.
The outside of the home network and the UA is able to connect. This connection shows nothing wrong with the UA configuration and settings.
Unified Agent attempts to establish a connection to client.threatpulse.net, ctc.threatpulse.com, and portal.threatpulse.com, which it must do to determine whether it is on a protected network. When Unified Agent detects that it is on a protected network, it goes into passive mode automatically.