Users accessing internet sites via Cloud SWG with IPSEC access method.
PAC file pushed out to all users proxying traffic to proxy.threatpulse.com:8080.
On the morning of May 10, no users could access internet sites going through GGBLO1 (maintenance carried out the previous night).
Cloud SWG Portal reported the IPSEC tunnel as down.
Explicit traffic over IPSEC must point to ep.threatpulse.com:80 (or 199.19.250.205:80) and not proxy.threatpulse.com as per the documentation.
Also changed the Checkpoint configuration to address a peering IP address issue per their KB article.
Always send explicitly proxies traffic over an IPSEC tunnel to the ep.threatpulse.com:80 endpoint.
With Checkpoint firewalls, make sure that the peer IP address sent over to Cloud SWG matches that configured in the Cloud SWG IPSEC location IP address field using the following setup:
The checkpoint firewall was sending an invalid IP address as it had the following setting enabled for peer IP address selection, which took the IP address from the Generic Properties section and NOT the egress IP address Cloud SWG saw the connections come in from.