DLP Agent queries DNS the first listed agent handler in the sitelist to verify connectivity. The DNS lookup must return the IP listed in the sitelist or the DLP Agent will be offline. If a DMZ agent handler is listed first in the sitelist, the Agent Handler configuration will likely have a published IP address of the Public IP but DNS will return the private IP of the server.
From a client machine, check this registery key to view the sitelist:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Network Associates\ePolicy Orchestrator\Agent | ePOServerList
Perform a NSLOOKUP and verify the FQDN resolves to the IP address listed for the first listed Agent Handler.
I'm currently having this issue, but only for incidents coming from Macintosh systems. I'm able to view evidence files generated by Window systems.
What version OSX is the client system? What version of DLPe is installed on that system?