Cloud SWG (formerly WSS) Ingress and Egress IP addresses
Article ID: 167174
Updated On:
Products
Cloud Secure Web Gateway - Cloud SWG
Issue/Introduction
- What are the IP addresses used to connect to the Symantec Cloud SWG?
- What are the data center names and locations?
- What are the Cloud SWG IP addresses and ranges that have to be permitted on firewalls?
- What is a Localization Zone and where are they located?
- What are the Cloud SWG ingress and egress IP subnet ranges?
- What are the IP addresses used by integrated services, such as Web Isolation?
Resolution
Table of Contents
Best Practices based on Connection Type (Access Method)
IPsec
For fault tolerance, fixed site backup connections must have IPsec tunnels to a physically separate compute region relative to your primary site, as well as:
- Only IPsec connections should redirect traffic to an IP address. All other connections should use Cloud SWG data center hostnames.
- IPsec connections are only accepted by the IPsec specific ingress IP addresses in the table below.
- IPsec configurations should have dead peer detection (DPD) enabled and a tunnel monitor (i.e., IPSLA) configured.
- IPsec phase 1 lifetime should be 24 hours, and phase 2 lifetime should be four hours.
- IKEv2 FQDN phase 2 lifetime should be 50 minutes.
- IPsec backup tunnels should never point to the same "compute POP" (data center) that the primary tunnel is going to.
Explicit over IPsec
Explicit traffic redirection within an IPsec tunnel to Cloud SWG should always point to ep.threatpulse.net:80 . For additional information, see the online documentation.
Explicit and Proxy Forwarding
For optimal performance and fault tolerance, explicit traffic should be redirected to proxy.threatpulse.net:8080. This hostname automatically resolves to the nearest Cloud SWG data center based on the geo-location of the client's DNS resolver. In the event of an outage (including planned maintenance), users will be automatically redirected to the nearest available data center.
Should the need to avoid geo-location services with explicit exist, the following Cloud SWG explicit IP addresses indicate the hosts an admin can point to for explicit or proxy forwarded traffic.
SEP Web and Cloud Access Protection
- Explicit Mode (Pac File): For optimal performance and fault tolerance, explicit traffic should be redirected to sep-wtr.threatpulse.net:8080. This hostname automatically resolves to the nearest Cloud SWG data center based on the geo-location of the client's DNS resolver. No manual configuration is required.
- Tunnel Mode: Nearest data center selection is performed automatically by the agent based on the geo-location of the end user's public egress IP address. No manual configuration is required.
WSS Agent
Nearest data center selection is performed automatically by the agent based on the geo-location of the end user's public egress IP address. No manual configuration is required. It is imperative that firewalls allow traffic between the agents and the Cloud SWG Ingress and egress ranges specified below.
IP Addresses for Cloud SWG-Integrated Services
- Web Isolation: The egress IPs used for Web Isolation sessions triggered by Cloud SWG policy will differ from the list below and are documented here: Web Isolation Cloud Ingress and Egress IP Addresses.
Cloud SWG Portal |
|
| portal.threatpulse.com | 34.49.9.67 |
Cloud Traffic Controller (CTC) |
|
| Primary: ctc.threatpulse.com
Secondary: ctc-uat.threatpulse.com Note: Use the secondary CTC endpoint service to route a subset of traffic from a different egress IP address. See Test Agent Traffic From a New Egress IP Address. |
Primary: 130.211.30.2
Secondary: 34.110.245.218 |
Auth Manager |
|
| auth.threatpulse.com | 34.160.229.36 |
PAC File Management Service |
|
| pfms.wss.symantec.com | 34.120.17.44 |
SGAPI - Used for UPE and Management Center |
|
| sgapi.es.bluecoat.com | 34.49.220.252 |
| sgapi.threatpulse.com | 34.245.151.229 |
Other Miscellaneous Host |
|
| pod.threatpulse.com | 34.8.147.172 34.102.158.11 34.49.209.59 |
Cloud SWG ingress and egress IP addresses
Note: The "ingress ranges" in the fourth column are also the Cloud SWG "egress ranges".
Americas |
|||
| Location (codename) | Compute region | Ingress IP address (IPsec and trans-proxy) | Ingress and egress ranges for other access methods and for auth connector |
| Bogota, Colombia (GCOBO) Localization zone |
Santiago, Chile | 199.116.174.164 | 199.116.174.0/24 2604:b040:13:1b00::/80 |
| Buenos Aires, Argentina (GARBA) Localization zone Dedicated IP site: New! Coming on May 20, 2025 |
Sao Paulo, Brazil | 34.95.226.164 | 34.95.226.0/24 2604:b040:13:1a00::/80 |
| Columbia, South Carolina (GUSCO) Dedicated IP site Policy Based Routing site |
Columbia, South Carolina | 168.149.137.164 | 168.149.135.0/24 168.149.137.0/24 168.149.138.0/24 168.149.139.0/24 168.149.140.0/24 168.149.141.0/24 2604:b040:13:1d00::/80 |
| Dallas, Texas (GUSDA) | Dallas, Texas | 168.149.128.164 | 168.149.128.0/24 2604:b040:13:1f00::/80 |
| Des Moines, Iowa (GUSDM) Dedicated IP site Policy Based Routing site |
Des Moines, Iowa | 199.247.42.164 | 199.247.32.0/24 199.247.33.0/24 199.247.42.0/24 199.247.43.0/24 199.247.44.0/24 199.247.45.0/24 199.116.168.0/24 199.116.169.0/24 199.116.170.0/24 199.116.171.0/24 199.116.173.0/24 148.64.31.0/24 35.192.241.0/24 2604:b040:13:1c00:100::/80 |
| Las Vegas, Nevada (GUSLV) | Las Vegas, Nevada | 168.149.133.164 | 168.149.133.0/24 168.149.160.0/24 2604:b040:13:2200::/80 |
| Los Angeles, California (GUSLA) Dedicated IP site |
Los Angeles, California | 199.19.248.164 | 148.64.18.0/24 199.19.248.0/24 2604:b040:13:2100:1::/80 |
| Mexico City, Mexico (GMXMC) Localization zone Dedicated IP site: New! Coming on May 20, 2025 |
Los Angeles, California | 170.176.246.164 | 170.176.246.0/24 2604:b040:13:2100::/80 |
| Montreal, Canada (GCAMO) Dedicated IP site |
Montreal, Canada | 199.19.253.164 | 199.19.253.0/24 148.64.21.0/24 2604:b040:13:1800::/80 |
| Portland, Oregon (GUSPO) | Portland, Oregon | 170.176.241.164 | 170.176.241.0/24 168.149.164.0/24 148.64.16.0/24 2604:b040:13:2000::/80 |
| Sao Paulo, Brazil (GBRSP) Dedicated IP site |
Sao Paulo, Brazil | 34.95.130.164 | 34.95.130.0/24 34.95.146.0/24 2604:b040:13:1a00:1::/80 |
| Toronto, Canada (GCATO) Dedicated IP site |
Toronto, Canada | 168.149.130.164 | 168.149.130.0/24 168.149.131.0/24 2604:b040:13:1900::/80 |
| Washington, DC (GUSAS) | Washington, DC | 170.176.240.164 | 168.149.142.0/24 168.149.143.0/24 168.149.144.0/24 168.149.145.0/24 168.149.146.0/24 168.149.151.0/24 168.149.152.0/24 168.149.153.0/24 168.149.157.0/24 170.176.240.0/24 2604:b040:13:1e00::/80 |
APAC |
|||
| Location (codename) | Compute region | Ingress IP address (IPsec and trans-proxy) | Ingress and egress ranges for other access methods and for auth connector |
| Auckland, New Zealand (GNZAU) Localization zone |
Sydney, Australia | 168.149.170.164 | 168.149.170.0/24 2604:b040:13:a00:1::/80 |
| Bangkok, Thailand (GTHBA) Localization zone |
Singapore | See ingress/egress range for GSGRS | 168.149.179.64/27 2604:b040:13:800::/80 |
| Beijing, China (ACNBJ) | Beijing, China | 52.131.103.144 | 52.131.103.144/28 52.131.113.48/28 52.131.113.80/28 52.131.113.128/28 52.131.113.144/28 52.131.113.176/28 52.131.113.192/28 52.131.113.208/28 52.131.113.224/28 52.131.113.240/28 52.131.114.0/28 52.131.114.16/28 52.131.114.32/28 52.131.114.48/28 |
| Delhi, India (GINDE) Dedicated IP site Policy Based Routing site |
Delhi, India | 168.149.182.164 | 168.149.182.0/24 168.149.183.0/24 168.149.184.0/24 168.149.185.0/24 168.149.186.0/24 168.149.187.0/24 168.149.188.0/24 168.149.189.0/24 2604:b040:13:700::/80 |
| Hanoi, Vietnam (GVNHA) Localization zone |
Singapore | See ingress/egress range for GSGRS | 168.149.179.96/27 2604:b040:13:800::/80 |
| Hong Kong (GCNHK) Dedicated IP site Policy Based Routing site |
Hong Kong | 103.246.38.164 | 103.246.38.0/24 2604:b040:13:200::/80 |
| Jakarta, Indonesia (GIDJK) | Jakarta, Indonesia | 168.149.180.164 | 168.149.180.0/24 2604:b040:13:900::/80 |
| Kuala Lumpur, Malaysia (GMYKL) Localization zone |
Singapore | See ingress/egress range for GSGRS | 168.149.179.0/26 2604:b040:13:800::/80 |
| Manila, Philippines (GPHMA) Localization zone |
Jakarta, Indonesia | See ingress/egress range for GIDJK | 168.149.181.0/25 2604:b040:13:900::/80 |
| Melbourne, Australia (GAUME) | Melbourne, Australia | 168.149.190.164 | 168.149.190.0/24 168.149.191.0/24 34.129.99.0/24 2604:b040:13:b00::/80 |
| Mumbai, India (GINMU) Dedicated IP site Policy Based Routing site |
Mumbai, India | 148.64.4.164 | 148.64.1.0/24 148.64.4.0/24 148.64.5.0/24 148.64.7.0/24 148.64.12.0/24 148.64.13.0/24 168.149.165.0/24 168.149.166.0/24 168.149.167.0/24 168.149.168.0/24 168.149.172.0/24 168.149.173.0/24 168.149.174.0/24 34.47.128.0/26 2604:b040:13:600::/80 |
| Osaka, Japan (GJPOS) | Osaka, Japan | 98.158.245.164 | 98.158.245.0/24 98.158.246.0/24 103.9.96.0/24 103.9.97.0/24 2604:b040:13:400::/80 |
| Seoul, South Korea (GKRSE) | Seoul, South Korea | 168.149.154.164 | 168.149.154.0/24 2604:b040:13:500::/80 |
| Shanghai, China (ACNSH) | Shanghai, China | 40.72.119.208 | 40.72.119.208/28 40.72.119.224/28 52.130.200.0/28 52.130.200.16/28 52.130.200.48/28 52.130.200.64/28 52.130.200.96/28 52.130.200.128/28 52.130.200.144/28 52.130.200.176/28 52.130.200.192/28 52.130.200.208/28 52.130.200.224/28 52.130.200.240/28 |
| Singapore (GSGRS) Dedicated IP site Policy Based Routing site |
Singapore | 103.246.37.164 | 103.246.37.0/24 148.64.3.0/24 168.149.178.0/24 168.149.150.0/24 2604:b040:13:800::/80 |
| Sydney, Australia (GAUSY) Dedicated IP site |
Sydney, Australia | 103.246.36.164 | 103.246.36.0/24 170.176.245.0/24 148.64.2.0/24 2604:b040:13:a00::/80 |
| Taipei, Taiwan (GTWTA) Policy Based Routing site |
Taipei, Taiwan | 168.149.155.164 | 168.149.155.0/24 2604:b040:13:100::/80 |
| Tokyo, Japan (GJPTK) Dedicated IP site Policy Based Routing site |
Tokyo, Japan | 223.29.216.164 | 223.29.216.0/24 223.29.217.0/24 223.29.218.0/24 223.29.219.0/24 2604:b040:13:300::/80 |
Europe and Middle East |
|||
| Location (codename) | Compute region | Ingress IP address (IPsec and trans-proxy) | Ingress and egress ranges for other access methods and for auth connector |
| Abu Dhabi, UAE (GAEAD) Localization zone |
Mumbai, India (Retiring on May 8, 2025) Dammam, Saudi Arabia |
168.149.175.164 (Retiring on May 8, 2025) See ingress/egress range for GSADA |
168.149.175.0/24 (Retiring on May 8, 2025) 199.19.254.176/28 2604:b040:13:600:1::/80 |
| Amsterdam, the Netherlands (GNLAM) Dedicated IP site |
Amsterdam, the Netherlands | 98.158.252.164 | 98.158.252.0/24 |
| Ankara, Turkey (GTRAN) Localization zone Dedicated IP site Policy Based Routing site |
Zurich, Switzerland | 46.235.158.192 | 46.235.158.192/26 185.180.51.0/24 2604:b040:13:1300:3::/80 |
| Athens, Greece (GGRAT) Localization zone |
Frankfurt, Germany | See ingress/egress range for GROBU | 46.235.156.128/27 |
| Belgrade, Serbia (GRSBE) Localization zone |
Milan, Italy | See ingress/egress range for GITMO | 199.116.172.128/27 2604:b040:13:1400::/80 |
| Brussels, Belgium (GBEBR) | Brussels, Belgium | - | 46.235.155.0/24 148.64.25.0/24 2604:b040:13:f00::/80 |
| Bucharest, Romania (GROBU) Localization zone |
Frankfurt, Germany | 168.149.148.164 | 168.149.148.0/24 |
| Copenhagen, Denmark (GDKCP) Localization zone |
Amsterdam, the Netherlands | 148.64.14.164 |
148.64.14.0/24 |
| Dammam, Saudi Arabia (GSADA) Dedicated IP site Policy Based Routing site |
Dammam, Saudi Arabia | 148.64.17.164 | 148.64.17.0/24 2604:b040:13:1600::/80 |
| Doha, Qatar (GQADO) Localization zone |
Dammam, Saudi Arabia | See ingress/egress range for GSADA | 199.19.254.144/28 2604:b040:13:1600::/80 |
| Dover, England (GGBDO) Localization zone Dedicated IP site Policy Based Routing site |
Brussels, Belgium | 148.64.24.164 | 148.64.24.0/24 109.68.59.0/24 109.68.60.0/24 109.68.61.0/24 109.68.62.0/24 170.176.242.0/24 2604:b040:13:f00:1::/80 |
| Dubai, UAE (GAEDX2) Localization zone |
Dammam, Saudi Arabia | See ingress/egress range for GSADA | 199.19.254.192/28 |
| Dublin, Ireland (GIEDU) Localization zone |
London, England | 148.64.15.164 | 148.64.15.0/24 |
| Frankfurt, Germany (GDEFR) Dedicated IP site |
Frankfurt, Germany | 199.247.38.164 | 199.247.34.0/24 199.247.38.0/24 199.247.39.0/24 199.247.40.0/24 199.247.41.0/24 2604:b040:13:1100:1::/80 |
| Helsinki, Finland (GFIHE) | Helsinki, Finland | 168.149.149.164 | 168.149.149.0/24 2604:b040:13:d00:1::/80 |
| Lisbon, Portugal (GPTLI) Localization zone |
Madrid, Spain | See ingress/egress range for GESTO | 199.116.175.80/28 2604:b040:13:e00::/80 |
| Ljubljana, Slovenia (GSILJ) Localization zone |
Milan, Italy | See ingress/egress range for GITMO | 199.116.172.160/27 2604:b040:13:1400::/80 |
| London, England (GGBLO) Dedicated IP site Policy Based Routing site |
London, England | 148.64.26.164 | 148.64.9.0/24 148.64.26.0/24 148.64.27.0/24 148.64.28.0/24 148.64.29.0/24 148.64.30.0/24 46.235.154.0/24 34.39.35.128/26 2604:b040:13:1000::/80 |
| Madrid, Spain (GESTO) Dedicated IP site |
Madrid, Spain | 199.19.249.164 | 199.19.249.0/24 2604:b040:13:e00::/80 |
| Manama, Bahrain (GBHMA) Localization zone |
Mumbai, India (Retiring on May 8, 2025) Dammam, Saudi Arabia |
See ingress/egress range for GAEAD (Retiring on May 8, 2025) See ingress/egress range for GSADA |
148.64.6.64/27 (Retiring on May 8, 2025) |
| Milan, Italy (GITMO) Dedicated IP site |
Milan, Italy | 185.180.49.164 | 185.180.49.0/24 2604:b040:13:1400::/80 |
| Nicosia, Cyprus (GCYNI) Localization zone |
Frankfurt, Germany | See ingress/egress range for GROBU | 46.235.156.64/27 |
| Oslo, Norway (GNOOS) Localization zone |
Helsinki, Finland | 109.68.63.164 | 109.68.63.0/24 2604:b040:13:d00::/80 |
| Paris, France (GFRVE) Dedicated IP site |
Paris, France | 199.116.172.1 | 199.116.172.0/25 |
| Riga, Latvia (GLVRI) Localization zone |
Helsinki, Finland | See ingress/egress range for GHEFI | 199.116.175.0/27 2604:b040:13:d00:1::/80 |
| Stockholm, Sweden (GSESK) Localization zone |
Helsinki, Finland | 199.247.35.164 | 199.247.35.0/24 2604:b040:13:d00:2::/80 |
| Tallinn, Estonia (GEETA) Localization zone |
Helsinki, Finland | See ingress/egress range for GHEFI | 199.116.172.224/27 2604:b040:13:d00:1::/80 |
| Tel Aviv, Israel (GILTA) Dedicated IP site Policy Based Routing site |
Tel Aviv, Israel | 198.135.125.164 | 198.135.125.0/24 2604:b040:13:1700::/80 |
| Valletta, Malta (GMTVA) Localization zone |
Milan, Italy | See ingress/egress range for GITMO | 34.154.50.128/27 2604:b040:13:1400::/80 |
| Vienna, Austria (GATVI) Localization zone |
Frankfurt, Germany | See ingress/egress range for GDEFR | 46.235.156.32/27 |
| Vilnius, Lithuania (GLTVI) Localization zone |
Warsaw, Poland | See Ingress/egress range for GPOWA | 199.116.172.192/27 |
| Warsaw, Poland (GPOWA) | Warsaw, Poland | 103.9.99.164 | 103.9.99.0/24 |
| Zagreb, Croatia (GHRZA) Localization zone |
Milan, Italy | See ingress/egress range for GITMO | 168.149.132.224/27 2604:b040:13:1400::/80 |
| Zurich, Switzerland (GCHZU) | Zurich, Switzerland | 148.64.11.164 | 148.64.11.0/24 2604:b040:13:1300:2::/80 |
Africa |
|||
| Location (codename) | Compute region | Ingress IP address (IPsec and trans-proxy) | Ingress and egress ranges for other access methods and for auth connector |
| Abuja, Nigeria (GNGAB) Localization zone |
Madrid, Spain | See ingress/egress range for for GESTO | 199.116.175.64/28 2604:b040:13:e00::/80 |
| Accra, Ghana (GGHAC) Localization zone |
Madrid, Spain | See ingress/egress range for GESTO | 199.116.175.32/28 2604:b040:13:e00::/80 |
| Algiers, Algeria (GDZAL) Localization zone |
Milan, Italy | See ingress/egress range for GITMO | 34.154.250.192/27 2604:b040:13:1400::/80 |
| Cairo, Egypt (GEGCA) Localization zone |
Frankfurt, Germany | See ingress/egress range for GROBU | 46.235.156.96/27 |
| Dakar, Senegal (GSNDA) Localization zone |
Madrid, Spain | See ingress/egress range for GESTO | 199.116.175.96/28 2604:b040:13:e00::/80 |
| Gaborone, Botswana (GBWGA) Localization zone |
Johannesburg, South Africa | See ingress/egress range for GZASO | 199.19.254.16/28 2604:b040:13::/80 |
| Harare, Zimbabwe (GZWHA) Localization zone |
Johannesburg, South Africa | See ingress/egress range for GZASO | 199.19.254.128/28 2604:b040:13::/80 |
| Johannesburg, South Africa (GZASO) | Johannesburg, South Africa | 199.19.251.164 | 199.19.251.0/24 2604:b040:13::/80 |
| Lilongwe, Malawi (GMWLI) Localization zone |
Johannesburg, South Africa | See ingress/egress range for GZASO | 199.19.254.48/28 2604:b040:13::/80 |
| Luanda, Angola (GAOLU) Localization zone |
Johannesburg, South Africa | See ingress/egress range for GZASO | 199.19.254.0/28 2604:b040:13::/80 |
| Lusaka, Zambia (GZMLU) Localization zone |
Johannesburg, South Africa | See ingress/egress range for GZASO | 199.19.254.112/28 2604:b040:13::/80 |
| Maputo, Mozambique (GMZMA) Localization zone |
Johannesburg, South Africa | See ingress/egress range for GZASO | 199.19.254.80/28 2604:b040:13::/80 |
| Nairobi, Kenya (GKENA) Localization zone |
Johannesburg, South Africa | See ingress/egress range for GZASO | 199.19.254.32/28 2604:b040:13::/80 |
| Port Louis, Mauritius (GMUPL) Localization zone |
Johannesburg, South Africa | See ingress/egress range for GZASO | 199.19.254.64/28 2604:b040:13::/80 |
| Rabat, Morocco (GMARA) Localization zone |
Madrid, Spain | See ingress/egress range for GESTO | 199.116.175.48/28 2604:b040:13:e00::/80 |
| Tunis, Tunisia (GTNTU) Localization zone |
Milan, Italy | See ingress/egress range for GITMO | 34.154.50.192/27 2604:b040:13:1400::/80 |
| Windhoek, Namibia (GNAWI) Localization zone |
Johannesburg, South Africa | See ingress/egress range for GZASO | 199.19.254.96/28 2604:b040:13::/80 |
* The compute region will change on the designated date.
POP Types
- Compute POP - Otherwise known as a data center, a point of presence that contains physical compute infrastructure.
- Localization Zones - Provide an improved user experience by localizing content requests for countries where there is no Cloud SWG compute POP.
Dedicated IP Sites
Dedicated IPs (part of Cloud SWG Premium Routing) provides tenant-dedicated IPs in Cloud SWG data centers. Sites that host Dedicated IP infrastructure are denoted in the table above with the label: "Dedicated IP site" below the site codename.
Policy based Routing Sites
Policy Based Routing (part of Cloud SWG Premium Routing) provides control over traffic egress geolocation. Sites that host Policy Based Routing infrastructure are denoted in the table above with the label: "Policy Based Routing site" below the site codename.
Additional Information
The Cloud SWG service now has a service points URL that can be used to retrieve our IP address space for all hosts, including the Portal, authentication, PFMS, CTC and so forth. The service points URL is https://servicepoints.threatpulse.com/ and is a JSON formatted document. Note that the auth connector (aka bcca.exe) connects to IP addresses within the egress IP address range.
IMPORTANT NOTE: The service points URL https://servicepoints.threatpulse.com/ were deprecated on September 1, 2024. The new service points URL is https://servicepoints.threatpulse.com/api/v2/full and is live now. The data formatting has changed. To avoid any interruptions, review the changes in the files and start using the new URL as soon as possible. The service points URL was announced on May 29, 2024. To see the announcement, click here.
Feedback
Yes
No
Powered by
