Customers needing more IP addresses and listeners for ep.threatpulse.net

WSSA 9.7.1

• The "low-range" of these endpoints (ep1.threatpulse.net through ep9.threatpulse.net - including ep.threatpuse.net, which overlaps with ep1.threatpulse.net) will ALWAYS be intercepted by active WSS Agents.
  • These are the currently-deployed endpoints, and they are hard-coded as "always intercept" by IP Address
  • They will be intercepted even if the agent is in intercept-only mode
  • They cannot be bypassed by adding to the ATM bypass list
• The "high-range" of these endpoints (ep10.threatpulse.net through ep32.threatpulse.net) will be treated by WSS Agents according to their ATM configuration
  • If the agent is selective intercept, the traffic to those addresses will not be intercepted
    • If those addresses are added to the "Always Intercept" ATM list, they will be intercepted
  • If the agent is in transparent web intercept or CFS, it will be intercepted
    • Since this is proxy traffic, it will be intercepted regardless of port - via the "Proxy in the Cloud" interception
  • If those addresses are bypassed, they will be bypassed and exempted from "Proxy in the Cloud" interception.

• In other words, the general rule of thumb is the IP addresses for the low-range epX.threatpulse.net endpoints will always be intercepted regardless of ATM configuration, the high-range epX.threatpulse.net endpoints will be treated according to ATM configuration.

  The above statements are based off the underlying IP addresses - so as it pertains to ep-all.threatpulse.net and ep-roundrobin.threatpulse.net, the low-range addresses will still be always intercepted, and the high-range addresses will honor ATM policy.