An agent wake-up call doesn't work when the client is connected through a VPN. By design, the Trellix Agent (TA) binds to the first IP address that it receives during startup.
This IP address is the one that's sent to the ePO Server. The address that the client is given during system startup
isn't the Network Address Translation address. So, the ePO Server is unable to connect to TA using an agent wake-up call.
But, the client-to-ePO server communication works, because the client is aware of the ePO Server IP address. The result indicates that the client receives all updates and policies from the server with every agent-to-server communication.
