The connection could be slow enough to prevent everything from loading before the 20 second default timout value. There are TA logs on any host that attempts to connect to a TA, located at "C:\Users\*username*\McAfee\NetworkSecurityManager\*server name*\ThreatAnalyzer\threatanalyzer.log", and there will be entries stating the connection timed out after 20000 ms or so. To increase the timeout value, follow Solution 2, step 4 of this KB:
We started to experiance this issue after upgradig to v188.8.131.52. Have you always had this issue or did it only start to occur after an upgrade?
I have tried the solution in KB77014, but it did not work for me. Did it solve the issue for you?
If the ta.prop file does not solve the issue, open a case with the support team and we'll see what's going on. Typically it's just the extra latency from the VPN causing the RTTA to not load everything within the 20 second timeout period, but there are other things we could look at.
Would the heap size play a factor into this at all? I noticed that the newly installed lab NSM has a heap size of 1024m, double that of our production heap size. I only ask because we have VPN users that are experiencing trouble opening alerts. If they wait 5-10 mins, those alerts become available. Naturally, I would expect this to happen to campus users too, but it seems to only happen over VPN.
## You can increase max heap memory size for real-time and historical Threat Analyzers by un-commenting this line and increase the values. They are default to 512m.
PROD-## You can increase max heap memory size for real-time and historical Threat Analyzers by un-commenting this line and increase the values. They are default to 512m.