Configuration Requirements for VIP Services Platform connectivity to Google Cloud Platform (GCP)
search cancel

Configuration Requirements for VIP Services Platform connectivity to Google Cloud Platform (GCP)

book

Article ID: 192676

calendar_today

Updated On:

Products

VIP Service

Issue/Introduction

Symantec VIP services are hosted in multiple GCP availability zones. To ensure uninterrupted connectivity from your VIP Enterprise Gateways and hosted applications to the Symantec VIP GCP-hosted cloud platform, review and update your configurations. 

Resolution

FIREWALL CONFIGURATION SETTINGS

  1. Use VIP Service domain name whitelisting. This is preferable to using IP netblocks. 
  2. Configure hostnames to recognize sub-domains of vip.symantec.com (e.g., *.vip.symantec.com). If you are unable to whitelist *.vip.symantec.com sub-domains, whitelist these specific hostnames:

    • services-auth.vip.symantec.com (port 443)
    • services.vip.symantec.com (port 443)
    • userservices-auth.vip.symantec.com (port 443)
    • userservices.vip.symantec.com (port 443)
    • goidservices-auth.vip.symantec.com (port 443)
    • liveupdate.symantecliveupdate.com (port 80)
    • liveupdate.symantec.com (port 80)
    • api-auth.vip.symantec.com (port 443)
       
  3. If whitelisting hostnames is not an option, update firewall configurations to allow all outbound connectivity to the following Google Cloud IP netblocks.

IP address pinning of VIP URLs may result in VIP Service disruption and is not supported. Public DNS resolves traffic to the active VIP IP addresses through the domain in the URLs listed below. 


Globally Load Balanced URLs


GCP West Region Netblocks


GCP East Region Netblocks

services-auth.vip.symantec.com

services.vip.symantec.com

userservices-auth.vip.symantec.com

userservices.vip.symantec.com

144.49.0.0/16

 

VIP ENTERPRISE GATEWAY, CUSTOM APPLICATIONS, AND ENTERPRISE INTEGRATION CONFIGURATION SETTINGS

The VIP Enterprise Gateway(s) and Web Services WSDL files are configured to use the following globally load-balanced URLs issued by Symantec VIP. Custom applications should point to these same relevant URLs. 

    • services-auth.vip.symantec.com
    • services.vip.symantec.com
    • userservices-auth.vip.symantec.com
    • goidservices-auth.vip.symantec.com (legacy goID credentials)
    • liveupdate.symantecliveupdate.com
    • liveupdate.symantec.com
    • my.vip.symantec.com (My VIP self-service portal)
    • ssp.vip.symantec.com (legacy VIP self-service portal)
    • login.vip.symantec.com (SAML end-point)

 

ADDITIONAL RESOURCES

VIP Web Services best practice for high availability and optimal performance

VIP Enterprise Gateway end-of-support announcement