MATTJWILLIAMS

asked on

AV enforcement on VPN Zone stops all traffic on Sonicwall NSA 3500 Enhanced

When AV enforcement is enabled on the VPN zone it stops all traffic.  We route all traffic via the tunnel, including Internet.  The VPN tunnel remains open - it just doesn't pass traffic.  All remote computers have the AV client installed.  The SonicWall does not prompt for the AV to be updated or installed.  I have run packet captures, and the packet from the firewall that checks the remote's AV status never reaches the client.

Computers on the LAN side of the firewall work fine.
Vinny Booth

Is this a site-to-site VPN or a Global VPN client?
MATTJWILLIAMS

ASKER

This is a site-to-site vpn.

There is also nothing in the SonicWall logs showing that it is blocking UDP port 59152 or 59153, which carry the McAfee status messages between the client and the firewall that make sure it is installed, updated, and running.
I will check with support in the morning. I think the issue has to do with the company key being checked via VPN and then furthermore via Internet on a different device.

Do you have Enforced Client licensed on separate firewalls?
We did try enforcing the AV on the remote firewall - We tried moving some licenses (share) to the remote firewall.

What is most puzzling is the Main Sonicwall does send out the request - but it never reaches the machine on the remote VPN.
Any ideas?
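As an added example (not from the thread, and not SonicWall or McAfee code): a stdlib-only Python check for the packet-capture step described above. It reads a classic pcap taken on the remote LAN segment, counts the status packets on the UDP ports the asker quotes (59152/59153) in each direction between an assumed firewall address and client address, and says which side of the exchange is missing. The port numbers are taken from the thread as stated and should be verified against the vendor documentation; the pcap bytes, addresses and payloads are constructed inline so the script runs offline.

```python
"""Count Enforced Client status probes in a pcap, per direction.

Added example; assumptions: UDP ports 59152/59153 (as quoted in the thread),
firewall 10.0.0.1 and client 192.168.1.50 are constructed sample addresses.
"""
import ipaddress
import struct

PROBE_PORTS = {59152, 59153}  # from the thread; confirm with vendor docs


def ip_checksum(header: bytes) -> int:
    """Standard one's-complement checksum over the IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Ethernet/IPv4/UDP frame for constructing a sample capture."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload  # UDP csum 0 = none
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0x1234, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    return eth + ip + udp


def build_pcap(frames):
    """Classic little-endian pcap, linktype 1 (Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_600_000_000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def iter_udp(pcap: bytes):
    """Yield (src, dst, sport, dport) for every IPv4/UDP frame in a classic pcap."""
    magic, = struct.unpack("<I", pcap[:4])
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype, = struct.unpack(endian + "I", pcap[20:24])
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # not IPv4
            continue
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 17:  # not UDP
            continue
        src = str(ipaddress.IPv4Address(frame[26:30]))
        dst = str(ipaddress.IPv4Address(frame[30:34]))
        l4 = 14 + ihl
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        yield src, dst, sport, dport


def probe_summary(pcap: bytes, firewall_ip: str, client_ip: str) -> dict:
    """Count status probes firewall->client and replies client->firewall."""
    to_client = from_client = 0
    for src, dst, sport, dport in iter_udp(pcap):
        if not ({sport, dport} & PROBE_PORTS):
            continue
        if src == firewall_ip and dst == client_ip:
            to_client += 1
        elif src == client_ip and dst == firewall_ip:
            from_client += 1
    if to_client == 0:
        verdict = "no probes reach this segment: check tunnel and zone policy"
    elif from_client == 0:
        verdict = "probes arrive but the client never answers: check the client"
    else:
        verdict = "probe/reply exchange present"
    return {"to_client": to_client, "from_client": from_client, "verdict": verdict}


# Constructed captures (not real traffic). The first mirrors the thread's symptom:
# only unrelated traffic on the remote LAN, no probe from the firewall at all.
FW, CLIENT = "10.0.0.1", "192.168.1.50"
REMOTE_LAN_CAPTURE = build_pcap([
    build_udp_frame(CLIENT, "192.168.1.1", 51000, 53, b"dns"),
])
HEALTHY_CAPTURE = build_pcap([
    build_udp_frame(FW, CLIENT, 59152, 59153, b"status?"),
    build_udp_frame(CLIENT, FW, 59153, 59152, b"ok"),
])

if __name__ == "__main__":
    print(probe_summary(REMOTE_LAN_CAPTURE, FW, CLIENT))
    print(probe_summary(HEALTHY_CAPTURE, FW, CLIENT))
```

Run it against a real capture by replacing the constructed bytes with `open("remote.pcap", "rb").read()` (classic pcap, not pcapng). A capture on the main-site LAN that shows the probes leaving while the remote-side capture shows none points at the tunnel or zone policy rather than the client.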
If this is a site-to-site VPN then why are you trying to work this way?  You should have the enforcement on each site's LAN and not on the VPN.  The SonicWALL at each site will then be responsible for its own AV.  As long as both devices are registered in the same MySonicWALL.COM account, you can go into Manage Licences on one of the firewalls and split the licences between the devices.  Say you have 50 licences: you could put 30 on the first device and 20 on the other.  That way, you don't need to increase the VPN traffic.
That's how it was originally set up.  It was not working that way either.  The techs at SonicWall then suggested I needed to move these to the firewall where all Internet traffic is channelled through the VPN, since this is the firewall that checks the AV status.

Since all traffic is defaulted through the tunnel, the VPN updates would go through the tunnel anyway.
ASKER CERTIFIED SOLUTION
MATTJWILLIAMS

This solution is only available to members.