For fault tolerance, fixed site backup connections must have IPsec tunnels to a physically separate compute region relative to your primary site, as well as:
Explicit traffic redirection within an IPsec tunnel to Cloud SWG should always point to ep.threatpulse.net:80 . For additional information, please see the online documentation.
For optimal performance and fault tolerance, explicit traffic should be redirected to proxy.threatpulse.net:8080. This hostname automatically resolves to the nearest Cloud SWG data center based on the geo-location of the client's DNS resolver. In the event of an outage (including planned maintenance), users will be automatically redirected to the nearest available data center.
Should the need to avoid geo-location services with explicit exist, the following Cloud SWG explicit IP addresses indicate the hosts an admin can point to for explicit or proxy forwarded traffic.
Nearest data center selection is performed automatically by the agent based on the geo-location of the end user's public egress IP address. No manual configuration is required. It is imperative that firewalls allow traffic between the agents and the Cloud SWG Ingress and egress ranges specified below.
Cloud SWG Portal | |
portal.threatpulse.com | 35.245.151.224 34.82.146.64 |
Cloud Traffic Controller (CTC) | |
Primary: ctc.threatpulse.com Secondary: ctc-uat.threatpulse.com Note: Use the secondary CTC endpoint service to route a subset of traffic from a different egress IP address. See Test Agent Traffic From a New Egress IP Address. |
Primary: 130.211.30.2 Secondary: 34.110.245.218 |
Auth Manager | |
auth.threatpulse.com | 35.245.151.226 34.82.146.65 |
PAC File Management Service | |
pfms.wss.symantec.com | 34.120.17.44 |
Note: The "ingress ranges" in the third column are also the Cloud SWG "egress ranges".
Location (codename) | Compute region | Ingress IP address (IPsec and trans-proxy) | Ingress and egress ranges for other access methods and for auth connector |
AMERICAS | |||
Buenos Aires, Argentina (GARBA1) Localization zone |
Sao Paulo, Brazil | 34.95.226.164 | 34.95.226.0/24 |
Columbia, South Carolina (GUSCO1) Dedicated IP site |
Columbia, South Carolina | 168.149.137.164 | 168.149.135.0/24 168.149.137.0/24 168.149.138.0/24 168.149.139.0/24 168.149.140.0/24 168.149.141.0/24 |
Des Moines, Iowa (GUSDM1) Dedicated IP site |
Des Moines, Iowa | 199.247.42.164 |
199.247.32.0/24 |
Las Vegas, Nevada (GUSLV1) |
Las Vegas, Nevada |
168.149.133.164 | 168.149.133.0/24 168.149.160.0/24 |
Los Angeles, California (GUSLA1) Dedicated IP site |
Los Angeles, California |
199.19.248.164 | 148.64.18.0/24 199.19.248.0/24 |
Mexico City, Mexico (GMXMC1) Localization zone |
Los Angeles, California | 170.176.246.164 | 170.176.246.0/24 |
Montreal, Canada (GCAMO1) Dedicated IP site |
Montreal, Canada | 199.19.253.164 |
199.19.253.0/24 |
Portland, Oregon (GUSPO1) | Portland, Oregon | 170.176.241.164 | 170.176.241.0/24 168.149.164.0/24 148.64.16.0/24 |
Sao Paulo, Brazil (GBRSP1) Dedicated IP site |
Sao Paulo, Brazil | 34.95.130.164 | 34.95.130.0/24 34.95.146.0/24 |
Toronto, Canada (GCATO2) |
Toronto, Canada | 168.149.130.164 | 168.149.130.0/24 168.149.131.0/24 |
Washington, DC (GUSAS1) | Washington, DC | 170.176.240.164 |
168.149.142.0/24 |
APAC |
|||
Auckland, New Zealand (GNZAU1) |
Sydney, Australia | 168.149.170.164 |
168.149.170.0/24 |
Bangkok, Thailand (GTHBA11) |
Singapore | - |
168.149.179.64/27 |
Beijing, China (ACNBJ2) | Beijing, China | 52.131.103.144 |
52.131.103.144/28 |
Delhi, India (GINDE1) Dedicated IP site |
Delhi, India | 168.149.182.164 |
168.149.182.0/24 |
Hanoi, Vietnam (GVNHA11) Localization zone |
Singapore | - |
168.149.179.96/27 |
Hong Kong (GCNHK1) | Hong Kong | 103.246.38.164 |
103.246.38.0/24 |
Islamabad, Pakistan (GPKIS) Localization zone |
Zurich, Switzerland | - |
34.65.98.0/24 |
Jakarta, Indonesia (GIDJK11) | Jakarta, Indonesia | - |
168.149.180.0/24 |
Kuala Lumpur, Malaysia (GMYKL11) Localization zone |
Singapore | - |
168.149.179.0/26 |
Manila, Philippines (GPHMA11) Localization zone |
Jakarta, Indonesia | - |
168.149.181.0/25 |
Melbourne, Australia (GAUME1) | Melbourne, Australia | 168.149.190.164 |
168.149.190.0/24 |
Mumbai, India (GINMU1) Dedicated IP site |
Mumbai, India | 148.64.4.164 |
148.64.1.0/24 |
Osaka, Japan (GJPOS1) | Osaka, Japan | 98.158.245.164 |
98.158.245.0/24 |
Seoul, South Korea (GKRSE1) | Seoul, South Korea | 168.149.154.164 |
168.149.154.0/24 |
Shanghai, China (ACNSH2) | Shanghai, China | 40.72.119.208 |
40.72.119.208/28 |
Singapore (GSGRS1) Dedicated IP site |
Singapore | 103.246.37.164 |
103.246.37.0/24 |
Sydney, Australia (GAUSY1) Dedicated IP site |
Sydney, Australia | 103.246.36.164 |
103.246.36.0/24 |
Taipei, Taiwan (GTWTA1) | Taipei, Taiwan | 168.149.155.164 |
168.149.155.0/24 |
Tokyo, Japan (GJPTK1) Dedicated IP site |
Tokyo, Japan | 223.29.216.164 |
223.29.216.0/24 |
EUROPE AND THE MIDDLE EAST |
|||
Abu Dhabi, UAE (GAEAD1) |
Mumbai, India | 168.149.175.164 |
168.149.175.0/24 |
Amsterdam, the Netherlands (GNLAM1) Dedicated IP site |
Amsterdam, the Netherlands | 98.158.252.164 |
98.158.252.0/24 |
Ankara, Turkey (GTRAN1) |
Zurich, Switzerland | 46.235.158.192 |
46.235.158.192/26 |
Athens, Greece (GGRAT11) Localization zone |
Frankfurt, Germany | - |
46.235.156.128/27 |
Brussels, Belgium (GBEBR11) | Brussels, Belgium | - |
46.235.155.0/24 |
Bucharest, Romania (GROBU1) |
Frankfurt, Germany | 168.149.148.164 |
168.149.148.0/24 |
Copenhagen, Denmark (GDKCP1) Localization zone |
Amsterdam, the Netherlands | 148.64.14.164 |
148.64.14.0/24 |
Dover, England (GGBDO1) |
Brussels, Belgium | 148.64.24.164 |
148.64.24.0/24 |
Dubai, UAE (GAEDX1) |
Zurich, Switzerland | - |
34.65.98.0/24 |
Dublin, Ireland (GIEDU1) Localization zone |
London, England | 148.64.15.164 |
148.64.15.0/24 |
Frankfurt, Germany (GDEFR1) Dedicated IP site |
Frankfurt, Germany | 199.247.38.164 |
199.247.34.0/24 |
Helsinki, Finland (GFIHE1) | Helsinki, Finland | 168.149.149.164 |
168.149.149.0/24 |
Lisbon, Portugal (GPTLI11) Localization zone |
Zurich, Switzerland | - |
46.235.158.96/27 |
London, England (GGBLO1) Dedicated IP site |
London, England | 148.64.26.164 |
148.64.9.0/24 |
Madrid, Spain (GESMA1) Localization zone Dedicated IP site |
Zurich, Switzerland | 185.180.48.164 |
185.180.48.0/24 |
Milan, Italy (GITMI1) Localization zone |
Frankfurt, Germany | 46.235.159.164 |
46.235.159.0/24 |
Nicosia, Cyprus (GCYNI11) Localization zone |
Frankfurt, Germany |
46.235.156.64/27 |
|
Oslo, Norway (GNOOS1) Localization zone |
Helsinki, Finland | 109.68.63.164 |
109.68.63.0/24 |
Paris, France (GFRPA1) Localization zone Dedicated IP site |
Brussels, Belgium | 46.235.153.164 |
46.235.153.0/24 |
Riyadh, Saudi Arabia (GSARI1) |
Mumbai, India | 148.64.6.1 |
148.64.6.0/26 |
Stockholm, Sweden (GSESK1) Localization zone |
Helsinki, Finland | 199.247.35.164 |
199.247.35.0/24 |
Tel Aviv, Israel (GILTA2) | Tel Aviv, Israel | 198.135.125.164 |
198.135.125.0/24 |
Valletta, Malta (GMTVA11) Localization zone |
Frankfurt, Germany | - |
46.235.156.160/27 |
Vienna, Austria (GATVI11) Localization zone |
Frankfurt, Germany | - |
46.235.156.32/27 |
Warsaw, Poland (GPOWA1) | Warsaw, Poland | 103.9.99.164 |
103.9.99.0/24 |
Zurich, Switzerland (GCHZU1) | Zurich, Switzerland | 148.64.11.164 |
148.64.11.0/24 |
AFRICA | |||
Abuja, Nigeria (GNGAB11) |
Zurich, Switzerland | - |
46.235.158.64/27 |
Accra, Ghana (GGHAC11) |
Zurich, Switzerland | - |
46.235.158.0/27 |
Algiers, Algeria (GDZAL11) |
Frankfurt, Germany | - |
46.235.156.0/27 |
Cairo, Egypt (GEGCA11) |
Frankfurt, Germany | - |
46.235.156.96/27 |
Dakar, Senegal (GSNDA11) |
Zurich, Switzerland | - |
46.235.158.128/27 |
Gaborone, Botswana (GBWGA11) Localization zone |
London, England | - |
109.68.57.32/27 |
Harare, Zimbabwe (GZWHA11) Localization zone |
London, England | - |
109.68.56.0/27 |
Johannesburg, South Africa (GZAJB1) |
London, England | 109.68.58.164 |
109.68.58.0/24 |
Lilongwe, Malawi (GMWLI11) |
London, England | - |
109.68.57.96/27 |
Luanda, Angola (GAOLU11) |
London, England | - |
109.68.57.0/27 |
Lusaka, Zambia (GZMLU11) |
London, England | - |
109.68.57.224/27 |
Maputo, Mozambique (GMZMA11) Localization zone |
London, England | - |
109.68.57.160/27 |
Nairobi, Kenya (GKENA11) Localization zone |
London, England | - |
109.68.57.64/27 |
Port Louis, Mauritius (GMUPL11) Localization zone |
London, England | - |
109.68.57.128/27 |
Rabat, Morocco (GMARA11) Localization zone |
Zurich, Switzerland | - |
46.235.158.32/27 |
Tunis, Tunesia (GTNTU11) Localization zone |
Frankfurt, Germany | - |
46.235.156.192/27 |
Windhoek, Namibia (GNAWI11) Localization zone |
London, England | - |
109.68.57.192/27 |
Compute POP - Otherwise known as a data center, a point of presence that contains physical compute infrastructure.
Localization Zones - Provide an improved user experience by localizing content requests for countries where there is no Cloud SWG compute POP.
The Dedicated IPs feature is a cloud-native solution where Broadcom provides tenant-dedicated IPs in Cloud SWG data centers. The sites that host dedicated IPs are denoted in the table above with the "Dedicated IP sites" label below the site location and codename.
The Cloud SWG service now has a service points URL that can be used to retrieve our IP address space for all hosts, including the Portal, authentication, PFMS, CTC and so forth. The service points URL is https://servicepoints.threatpulse.com/ and is a JSON formatted document. Please note that the auth connector (aka bcca.exe) connects to IP addresses within the egress IP address range.