You are integrating Email Security.cloud with Google Workspace for inbound emails.
Email Security.cloud
Learn how to configure Google Workspace Business and Education editions with Symantec Email Security.cloud as your inbound email gateway.
To scan email from external sources, you must register the IP addresses or mail hosts of the points of entry into your network. These points of entry may be firewalls, routers, mail servers, or a public hosted cloud service.
The public hosted cloud services that we support are Google's Workspace Email and Microsoft Office 365. This information is for guidance only. You must retrieve up-to-date information from your public hosted service account to ensure accuracy. Your account information in the Google Workspace portal provides the inbound route information that you need to enter into the Email Security Services portal.
Once you complete these steps, you can provision domains using the domain wizard in the Symantec.cloud portal under Services > Email Services > Domains. The Google Workspace MX records are needed for your inbound routes. This MX record is where Symantec delivers mail to after being processed by Email Security.cloud.
This will bypass any anti-spam scanning performed by Gmail on messages that have already been scanned by Symantec.cloud Infrastructure. However, any IP listed as Inbound Gateway will not be whitelisted if also added to the Email Whitelist. For the receiving IP, Gmail will use the first public IP not registered as an Inbound Gateway, found in the "Received: from" headers.
You can either add Email Security.cloud IP ranges as Inbound Gateway and use Gmail anti spam service (which can generate false positive verdicts), or add our IP ranges to your Email Whitelist to bypass all Gmail's Anti Spam scanning from our gateways.
216.82.240.0/20,103.9.96.0/22,195.245.230.0/23,194.106.220.0/23,193.109.254.0/23,117.120.16.0/21,46.226.48.0/21,95.131.104.0/21,85.158.136.0/21,67.219.240.0/20
Source: https://support.google.com/a/answer/60730?hl=en&ref_topic=2921034