Best Practices based on Connection Type (Access Method)
IPsec: For fault tolerance, each customer site should have IPsec tunnels established to at least two (2) WSS data centers in the table below, as well as:
Explicit over IPsec ("Trans-proxy" forwarding): Explicit traffic redirection within an IPsec tunnel to WSS should always point to ep.threatpulse.net:80
Explicit and Proxy Forwarding: For optimal performance and fault tolerance, explicit traffic should be redirected to proxy.threatpulse.net:8080. This hostname automatically resolves to the nearest WSS data center based on the geo-location of the client's DNS resolver. In the event of an outage (including planned maintenance), users will be automatically redirected to the nearest available data center.
Should the need to avoid GEO location services with explicit exists, the following WSS explicit IP addresses indicate the VIPs an admin can point to for explicit or Proxy Forwarded traffic.
SEP WTR: For optimal performance and fault tolerance, explicit traffic should be redirected to sep-wtr.threatpulse.net:8080. Nearest data center selection is performed automatically by the agent based on the geo location of the end user's public IP address. No manual configuration is required.
WSS Agent, Unified Agent: Nearest data center selection is performed automatically by the agent based on the geo-location of the end user's public egress IP address. No manual configuration is required.
|Cloud Traffic Controller (CTC) addresses|
WSS ingress and egress IP addresses
Note: The "ingress ranges" in the third column are also the WSS "egress ranges".
|Location (codename)||Ingress IP address (IPsec and trans-proxy)||Ingress and egress ranges for other access methods and for auth connector|
|Buenos Aires, Argentina (GARBA1) - vPOP to Sao Paulo||188.8.131.52||184.108.40.206/24|
|Columbia, South Carolina (GUSCO1) formerly Miami (GUSMI)||220.127.116.11||18.104.22.168/24
|Des Moines, Iowa (GUSDM1) formerly Chicago (GUSCH)||22.214.171.124||126.96.36.199/23
|Des Moines, Iowa (GUSDM2) formerly Dallas (GUSDA)||188.8.131.52||
|Des Moines, Iowa (GUSDM3) formerly Denver (GUSDV)||184.108.40.206||220.127.116.11/24|
|Las Vegas, Nevada (GUSLV1)||18.104.22.168||22.214.171.124/24
|Mexico City, Mexico (GMXMC1) - vPOP to Los Angeles||126.96.36.199||188.8.131.52/24|
|Montreal, Canada (GCAMO1)||184.108.40.206||220.127.116.11/24|
Los Angeles, California (GUSLA1) formerly San Jose, California (GUSSC)
|Sao Paulo, Brazil (GBRSP1)||18.104.22.168||22.214.171.124/24
Portland, Oregon (GUSPO1) formerly Seattle (GUSSE)
|Toronto, Canada (GCATO1) - vPOP to Montreal||126.96.36.199||188.8.131.52/24|
|Washington, DC (GUSAS1)||184.108.40.206||
Washington, DC (GUSAS2) - formerly New York, NY (GUSSA)
Auckland, New Zealand (GNZAU1) - vPOP to Sydney
Beijing, China (PEK1)
|Hong Kong (GCNHK1)||220.127.116.11||
|Mumbai, India (GINMU1)||18.104.22.168||
|Mumbai, India (GINMU2) formerly Chennai, India (GINCH)||22.214.171.124||
|Osaka, Japan (GJPOS1)||126.96.36.199||
|Seoul, South Korea (GKRSE1)
|Shanghai, China (SHA1)||188.8.131.52||
|Taipei, Taiwan (GTWTA1)
|Tokyo, Japan (GJPTK)||184.108.40.206||
|Wellington, New Zealand (GNZWL) - vPOP to Sydney||220.127.116.11||
|Amsterdam, the Netherlands (GNLAM1)||18.104.22.168||
|Bucharest, Romania (GROBU1) - vPOP to Frankfurt||22.214.171.124||
|Copenhagen, Denmark (GDKCP1) - vPOP to Amsterdam
|Dubai, UAE (GAEDX1) - vPOP to Zurich||126.96.36.199||
|Dublin, Ireland (GIEDU1) - vPOP to London||188.8.131.52||
|Frankfurt, Germany (GDEFR1)||184.108.40.206||
|Munich, Germany (GDEMU), soon to be Frankfurt, Germany (GDEFR2)||220.127.116.11||
|Helsinki, Finland (GFIHE1)||18.104.22.168||
|Johannesburg, South Africa (JNB2)||22.214.171.124||
|Madrid, Spain (GESMA1) - vPOP to Zurich||126.96.36.199||
|Middlesex, England (GGBLO1)||188.8.131.52||
|London, England (GGBLR) soon to be Middlesex, England (GGBLO2)||184.108.40.206||
|Milan, Italy (GITMI1) - vPOP to Frankfurt||220.127.116.11||
|Oslo, Norway (GNOOS1) - vPOP to Helsinki||18.104.22.168||
|Paris, France (GFRPA1) - vPOP to Belgium||22.214.171.124||
|Stockholm, Sweden (GSESK1) - vPOP to Helsinki||126.96.36.199||
|Tel Aviv, Israel (GILTA1) - vPOP to London||188.8.131.52||
|Turin, Italy (GITTU1) - vPOP to Frankfurt||184.108.40.206||
|Zurich, Switzerland (GCHZU1)||220.127.116.11||
*NOTE: IP addresses marked with an asterisk* will be removed from use as a part of the WSS 2021 POP Optimization. Please also refer to the WSS Status Page to view the announcements of these IP address changes.
Compute POP - A point of presence that contains physical compute infrastructure (aka: data center).
vPOP - Virtual point of presence. vPOPs are hosted in a "Compute POP" (data center) in another locale and provide content localization for users in a specific country. Performance is maintained for vPOP transactions thanks to our global private network that minimizes use of congested public Internet routes.