Migration of Symantec Enterprise Division Network Protection Products backend services

Products

ASG-S200 ASG-S400 ASG-S500 ProxyAV Software - AVOS ProxySG Software - SGOS SSL Visibility Appliance Software Security Analytics SWG VA-100 SGVA CAS-VA Reporter-VA Web Isolation PacketShaper S-Series PolicyCenter S-Series

Issue/Introduction

SED Network Protection Products (including ProxySG, ASG, Content Analysis, SSLV, Management Center, Reporter, Web Isolation, Security Analytics, HW and virtual appliance offerings) will be migrating from Symantec/NortonLifelock hosted infrastructure to Broadcom infrastructure. License, downloads, validation and other services will move. The transition will occur in three phases to minimize customer impact.

Resolution

As part of the transition of Symantec Enterprise Division (SED) to Broadcom, we will be migrating our backend licensing and services for Network Protection Products (NPP), currently hosted on Symantec infrastructure, to Broadcom. This migration will occur in three phases:

Phase 1 – Symantec to Broadcom backend license server transition
Phase 2 – Transition to new IP addresses for NPP services on Broadcom infrastructure
Phase 3 – Retiring of Symantec IP addresses for NPP services

Phase 1 – Symantec to Broadcom backend license server transition

The first phase has no customer impact; it involves a migration of Symantec/Norton backend systems to Broadcom. This is strictly an internal transition, and requires no changes to the customer’s network/environment, all of the external NPP service points remain unchanged. The backend migration from Symantec/Norton to Broadcom was successfully completed as of 3pm PST, March 12, 2020. While there should be no impact in this initial phase, our Support teams are on standby to assist in case you have any issues or questions.

Phase 2 – Transition to new IP addresses for NPP services on Broadcom infrastructure

The next phase is scheduled for Friday evening at 6pm, April 10, 2020 and to complete by Saturday, April 11, 2020. In this phase, we will update our DNS entries for the NPP services to cutover to a new set of IP addresses (see below).

For some customers, this change may require you to update your Firewall rules. If you have any IP based firewall rules to allow product/licensing traffic, please ensure that your network/IT organization makes the necessary changes to allow these new Broadcom hosted IP addresses (192.19.237.x) by April 11, 2020. Existing rules which allow traffic to the Symantec hosted IP addresses (155.64.49.x) should also be left in place until after phase 3 is complete.

Phase 3 – Retiring of Symantec IP addresses for NPP services

The final phase will be to retire all of the old Symantec based IP addresses (155.64.49.x). These will be retired and will no longer be used to provide any NPP services.

List of NPP products that may be impacted

NPP products that rely on the licensing back-end include both Hardware and Virtual appliances. The list of products relying on backend NPP services include:

HW appliances
o ASG-S200/S400/S500 HW appliances
o Proxy, MACH5, and Reverse Proxy edition SG-S200/S400/S500 HW appliances
o Proxy and MACH5 edition SG300/600/900/9000 HW appliances
o Content Analysis CAS-S200/S400/S500 HW appliances
o ProxyAV HW appliances
o Management Center HW appliances
o SSL Visibility HW appliances
o Security Analytics HW appliances
o PacketShaper S-Series appliances
o PolicyCenter S-Series appliances

Virtual Appliances
o Gen2 SG-VA virtual appliances
o Gen1 SWG-V100 virtual appliances
o Gen1 MACH5 virtual appliances
o Content Analysis CAS-VA virtual appliances
o Management Center MC-V100 virtual appliances
o Reporter RPT-V100 virtual appliances
o Web Isolation virtual appliances