FIREWALL CONFIGURATION SETTINGS
- Use VIP Service domain name whitelisting. This is preferable to using IP netblocks.
- Configure hostnames to recognize sub-domains of vip.symantec.com (e.g., *.vip.symantec.com). If you are unable to whitelist *.vip.symantec.com sub-domains, whitelist these specific hostnames:
- services-auth.vip.symantec.com (port 443)
- services.vip.symantec.com (port 443)
- userservices-auth.vip.symantec.com (port 443)
- userservices.vip.symantec.com (port 443)
- goidservices-auth.vip.symantec.com (port 443)
- liveupdate.symantecliveupdate.com (port 80) VIP Gateway version 9.10.2 and above is now using port 443 for LiveUpdate connections
- liveupdate.symantec.com (port 80) VIP Gateway version 9.10.2 and above is now using port 443 for LiveUpdate connections
- api-auth.vip.symantec.com (port 443)
- oidc.vip.symantec.com (port 443) Note: Only required if using the Microsoft Entra ID integration.
- oidc2.vip.symantec.com (port 443) Note: Only required if using the Symantec SiteMinder OIDC integration.
- If whitelisting hostnames is not an option, update firewall configurations to allow all outbound connectivity to the following Google Cloud IP netblocks.
IP address pinning of VIP URLs may result in VIP Service disruption and is not supported. Public DNS resolves traffic to the active VIP IP addresses through the domain in the URLs listed below.
Globally Load Balanced URLs
|
 GCP West Region Netblocks
|
 GCP East Region Netblocks
|
services-auth.vip.symantec.com
services.vip.symantec.com
userservices-auth.vip.symantec.com
userservices.vip.symantec.com
|
144.49.0.0/16
|
VIP ENTERPRISE GATEWAY, CUSTOM APPLICATIONS, AND ENTERPRISE INTEGRATION CONFIGURATION SETTINGS
The VIP Enterprise Gateway(s) and Web Services WSDL files are configured to use the following globally load-balanced URLs issued by Symantec VIP. Custom applications should point to these same relevant URLs.
-
- services-auth.vip.symantec.com
- services.vip.symantec.com
- userservices-auth.vip.symantec.com
- goidservices-auth.vip.symantec.com (legacy goID credentials)
- liveupdate.symantecliveupdate.com
- liveupdate.symantec.com
- my.vip.symantec.com (My VIP self-service portal)
- ssp.vip.symantec.com (legacy VIP self-service portal)
- login.vip.symantec.com (SAML endpoint)
- oidc.vip.symantec.com (OpenID Connect endpoint)
ADDITIONAL RESOURCES
VIP Web Services best practice for high availability and optimal performance
VIP Enterprise Gateway end-of-support announcement