Cloud SWG (formerly WSS) Ingress and Egress IP addresses
Article ID: 167174
Updated On:
Products
Issue/Introduction
- What are the IP addresses used to connect to the Symantec Cloud SWG?
- What are the data center names and locations?
- What are the Cloud SWG IP addresses and ranges that have to be permitted on firewalls?
- What is a Localization Zone and where are they located?
- What are the Cloud SWG ingress and egress IP subnet ranges?
- What are the IP addresses used by integrated services, such as Web Isolation?
Resolution
Table of Contents
Best Practices based on Connection Type (Access Method)
IPsec
For fault tolerance, fixed site backup connections must have IPsec tunnels to a physically separate compute region relative to your primary site, as well as:
- Only IPsec connections should redirect traffic to an IP address. All other connections should use Cloud SWG data center hostnames.
- IPsec connections are only accepted by the IPsec specific ingress IP addresses in the table below.
- IPsec configurations should have dead peer detection (DPD) enabled and a tunnel monitor (i.e., IPSLA) configured.
- IPsec phase 1 lifetime should be 24 hours, and phase 2 lifetime should be four hours.
- IKEv2 FQDN phase 2 lifetime should be 50 minutes.
- IPsec backup tunnels should never point to the same "compute POP" (data center) that the primary tunnel is going to.
Explicit over IPsec
Explicit traffic redirection within an IPsec tunnel to Cloud SWG should always point to ep.threatpulse.net:80 . For additional information, see the online documentation.
Explicit and Proxy Forwarding
For optimal performance and fault tolerance, explicit traffic should be redirected to proxy.threatpulse.net:8080. This hostname automatically resolves to the nearest Cloud SWG data center based on the geo-location of the client's DNS resolver. In the event of an outage (including planned maintenance), users will be automatically redirected to the nearest available data center.
Should the need to avoid geo-location services with explicit exist, the following Cloud SWG explicit IP addresses indicate the hosts an admin can point to for explicit or proxy forwarded traffic.
SEP Web and Cloud Access Protection
- Explicit Mode (Pac File): For optimal performance and fault tolerance, explicit traffic should be redirected to sep-wtr.threatpulse.net:8080. This hostname automatically resolves to the nearest Cloud SWG data center based on the geo-location of the client's DNS resolver. No manual configuration is required.
- Tunnel Mode: Nearest data center selection is performed automatically by the agent based on the geo-location of the end user's public egress IP address. No manual configuration is required.
WSS Agent
Nearest data center selection is performed automatically by the agent based on the geo-location of the end user's public egress IP address. No manual configuration is required. It is imperative that firewalls allow traffic between the agents and the Cloud SWG Ingress and egress ranges specified below. To avoid black-holing your agent traffic, it is imperative that your firewall allow traffic to other regional data centers in case the primary data center is unavailable or traffic needs to be rerouted to other data centers.
Best Practices for Cross-Regional Failover Support for Fixed Locations
In the event of excessive traffic load due to maintenance activities or a GCP regional outage, traffic to a Cloud SWG site can fail over to the designated failover site. In July 2025, Broadcom will enable a new improved cross-regional failover support. To ensure that your traffic fails over to the optimal region, configure your deployment according to the recommendations provided for each access method in the following documentation:
1. Link to the technical document
2. Link to KB Cloud SWG backup locations, hostnames and VIPs for fixed locations.
With Cloud SWG agent (WSSA, ESA) failover is automatic and does not require any workstation configuration. Please ensure your firewall allows traffic to other locations to allow for a smooth transition to any alternate locations.
IP Addresses for Cloud SWG-Integrated Services
- Web Isolation: The egress IPs used for Web Isolation sessions triggered by Cloud SWG policy will differ from the list below and are documented here: Web Isolation Cloud Ingress and Egress IP Addresses.
Cloud SWG Portal | |
| portal.threatpulse.com | 34.49.9.67 |
Cloud Traffic Controller (CTC) | |
| Primary: ctc.threatpulse.com Secondary: ctc-uat.threatpulse.com Note: Use the secondary CTC endpoint service to route a subset of traffic from a different egress IP address. See Test Agent Traffic From a New Egress IP Address. | Primary: 130.211.30.2 Secondary: 34.110.245.218 |
Auth Manager | |
| auth.threatpulse.com | 34.160.229.36 |
PAC File Management Service | |
| pfms.wss.symantec.com | 34.120.17.44 |
SGAPI - Used for UPE and Management Center | |
| sgapi.es.bluecoat.com | 34.49.220.252 |
| sgapi.threatpulse.com | 34.245.151.229 |
Other Miscellaneous Hosts | |
| pod.threatpulse.com | 34.8.147.172 34.102.158.11 34.49.209.59 |
| ced.broadcom.com | 192.19.145.20 |
Cloud SWG ingress and egress IP addresses
Note: The "ingress ranges" in the fourth column are also the Cloud SWG "egress ranges".
Americas | |||
| Location (codename) | Compute region | Ingress IP address (IPsec and trans-proxy) | Ingress and egress ranges for other access methods and for auth connector |
| Bogota, Colombia (GCOBO) Localization zone | Santiago, Chile | 199.116.174.164 | 199.116.174.0/24 34.176.130.96/28 2604:b040:13:1b00::/80 |
| Buenos Aires, Argentina (GARBA) Localization zone Dedicated IP site | Sao Paulo, Brazil | See ingress/egress range(s) for GBRSP | 199.247.32.96/27 2604:b040:13:1a00::/80 |
| Columbia, South Carolina (GUSCO) Dedicated IP site Policy Based Routing site | Columbia, South Carolina | 168.149.137.164 | 168.149.135.0/24 168.149.137.0/24 168.149.138.0/24 168.149.139.0/24 168.149.140.0/24 168.149.141.0/24 34.26.144.0/27 2604:b040:13:1d00::/80 |
| Dallas, Texas (GUSDA) | Dallas, Texas | 168.149.128.164 | 148.64.16.0/24 168.149.128.0/24 168.149.129.0/26 34.0.128.96/28 2604:b040:13:1f00::/80 |
| Des Moines, Iowa (GUSDM) Dedicated IP site Policy Based Routing site | Des Moines, Iowa | 199.247.42.164 | 199.247.42.0/24 199.247.44.0/24 199.116.169.0/24 199.116.170.0/24 148.64.31.0/24 35.192.241.0/24 34.4.96.0/28 2604:b040:13:1c00:100::/80 |
| Las Vegas, Nevada (GUSLV) | Las Vegas, Nevada | 168.149.133.164 | 168.149.133.0/24 168.149.160.0/24 34.186.10.128/28 2604:b040:13:2200::/80 |
| Los Angeles, California (GUSLA) Dedicated IP site | Los Angeles, California | 199.19.248.164 | 148.64.18.0/24 199.19.248.0/24 34.186.154.48/28 2604:b040:13:2100:1::/80 |
| Mexico City, Mexico (GMXMC) Localization zone Dedicated IP site Policy Based Routing site | Dallas, TX | See egress/ingress range(s) for GUSDA | 199.247.32.160/27 34.0.128.96/28 2604:b040:13:2100::/80 |
| Montreal, Canada (GCAMO) Dedicated IP site | Montreal, Canada | 199.19.253.164 | 199.19.253.0/24 148.64.21.0/24 35.215.33.224/28 2604:b040:13:1800::/80 |
| Portland, Oregon (GUSPO) | Portland, Oregon | 170.176.241.164 | 170.176.241.0/24 35.243.39.240/28 2604:b040:13:2000::/80 |
| Santiago, Chile (GCLSA) Dedicated IP site Policy Base Routing site | Santiago, Chile | N/A | DEI & PBR egress IPs only Site does not allow for ingress. Only egress using DEI or PBR |
| Sao Paulo, Brazil (GBRSP) Dedicated IP site Policy Based Routing site | Sao Paulo, Brazil | 34.95.130.164 | 34.95.130.0/24 34.39.171.128/28 2604:b040:13:1a00:1::/80 |
| Toronto, Canada (GCATO) Dedicated IP site | Toronto, Canada | 168.149.130.164 | 168.149.130.0/24 168.149.131.0/24 34.130.227.16/28 2604:b040:13:1900::/80 |
| Washington, DC (GUSAS) | Washington, DC | 170.176.240.164 | 168.149.142.0/24 168.149.145.0/24 168.149.146.0/24 168.149.151.0/24 168.149.152.0/24 168.149.153.0/24 168.149.157.0/24 170.176.240.0/24 34.4.32.0/27 2604:b040:13:1e00::/80 |
APAC | |||
| Location (codename) | Compute region | Ingress IP address (IPsec and trans-proxy) | Ingress and egress ranges for other access methods and for auth connector |
| Auckland, New Zealand (GNZAU) Localization zone | Sydney, Australia | See ingress/egress range(s) for GAUSY | 199.247.32.128/27 2604:b040:13:a00:1::/80 |
| Bangkok, Thailand (GTHBA) Localization zone | Singapore | See ingress/egress range for GSGRS | 168.149.179.64/27 2604:b040:13:800::/80 |
| Beijing, China (ACNBJ) | Beijing, China | 52.131.103.144 | 52.131.103.144/28 52.131.113.48/28 52.131.113.80/28 52.131.113.128/28 52.131.113.144/28 52.131.113.176/28 52.131.113.192/28 52.131.113.208/28 52.131.113.224/28 52.131.113.240/28 52.131.114.0/28 52.131.114.16/28 52.131.114.32/28 52.131.114.48/28 |
| Delhi, India (GINDE) Dedicated IP site Policy Based Routing site | Delhi, India | 168.149.182.164 | 168.149.182.0/24 168.149.183.0/24 168.149.185.0/24 168.149.186.0/24 168.149.187.0/24 168.149.188.0/24 34.131.18.224/28 2604:b040:13:700::/80 |
| Hanoi, Vietnam (GVNHA) Localization zone | Singapore | See ingress/egress range for GSGRS | 168.149.179.96/27 2604:b040:13:800::/80 |
| Hong Kong (GCNHK) Dedicated IP site Policy Based Routing site | Hong Kong | 103.246.38.164 | 103.246.38.0/24 34.96.162.112/28 2604:b040:13:200::/80 |
| Jakarta, Indonesia (GIDJK) | Jakarta, Indonesia | 168.149.180.164 | 168.149.180.0/24 34.50.110.136/29 2604:b040:13:900::/80 |
| Kuala Lumpur, Malaysia (GMYKL) Localization zone | Singapore | See ingress/egress range for GSGRS | 168.149.179.0/26 2604:b040:13:800::/80 |
| Manila, Philippines (GPHMA) Localization zone | Jakarta, Indonesia | See ingress/egress range for GIDJK | 168.149.181.0/25 2604:b040:13:900::/80 |
| Melbourne, Australia (GAUME) | Melbourne, Australia | 168.149.190.164 | 168.149.190.0/24 34.129.194.64/28 2604:b040:13:b00::/80 |
| Mumbai, India (GINMU) Dedicated IP site Policy Based Routing site | Mumbai, India | 148.64.4.164 | 148.64.1.0/24 148.64.4.0/24 148.64.5.0/24 148.64.7.0/24 148.64.12.0/24 168.149.165.0/24 168.149.167.0/24 34.47.128.0/26 34.180.15.224/28 2604:b040:13:600::/80 |
| Osaka, Japan (GJPOS) Dedicated IP site | Osaka, Japan | 98.158.245.164 | 98.158.245.0/24 103.9.96.0/24 2604:b040:13:400::/80 |
| Seoul, South Korea (GKRSE) | Seoul, South Korea | 168.149.154.164 | 168.149.154.0/24 34.0.96.0/29 2604:b040:13:500::/80 |
| Shanghai, China (ACNSH) | Shanghai, China | 40.72.119.208 | 40.72.119.208/28 40.72.119.224/28 52.130.200.0/28 52.130.200.16/28 52.130.200.48/28 52.130.200.64/28 52.130.200.96/28 52.130.200.128/28 52.130.200.144/28 52.130.200.176/28 52.130.200.192/28 52.130.200.208/28 52.130.200.224/28 52.130.200.240/28 |
| Singapore (GSGRS) Dedicated IP site Policy Based Routing site | Singapore | 103.246.37.164 | 103.246.37.0/24 168.149.150.0/24 168.149.178.0/24 34.158.32.16/28 2604:b040:13:800::/80 |
| Sydney, Australia (GAUSY) Dedicated IP site | Sydney, Australia | 103.246.36.164 | 103.246.36.0/24 103.246.39.0/24 148.64.2.0/24 34.40.220.240/28 2604:b040:13:a00::/80 |
| Taipei, Taiwan (GTWTA) Dedicated IP site Policy Based Routing site | Taipei, Taiwan | 168.149.155.164 | 168.149.155.0/24 34.81.162.200/29 2604:b040:13:100::/80 |
| Tokyo, Japan (GJPTK) Dedicated IP site Policy Based Routing site | Tokyo, Japan | 223.29.216.164 | 223.29.216.0/24 223.29.218.0/24 223.29.219.0/24 34.180.81.96/28 2604:b040:13:300::/80 |
Europe and Middle East | |||
| Location (codename) | Compute region | Ingress IP address (IPsec and trans-proxy) | Ingress and egress ranges for other access methods and for auth connector |
| Abu Dhabi, UAE (GAEAD) Localization zone | Mumbai, India | See ingress/egress range for GINMU | 199.247.33.0/26 (GAEAD) 2604:b040:13:600:1::/80 |
| Amsterdam, the Netherlands (GNLAM) Dedicated IP site | Amsterdam, the Netherlands | 98.158.252.164 | 98.158.252.0/24 34.178.0.16/28 2604:b040:13:1200:1::/80 |
| Ankara, Turkey (GTRAN) Localization zone Dedicated IP site Policy Based Routing site | Zurich, Switzerland | See ingress/egress range for GCHZU | 199.247.32.64/27 2604:b040:13:1300:3::/80 |
| Athens, Greece (GGRAT) Localization zone | Frankfurt, Germany | See ingress/egress range for GDEFR | 148.64.13.96/27 2604:b040:13:1100:2::/80 |
| Dhaka, Bangladesh (GBDDA) Localization zone starting on March 12, 2026 | Dammam, Saudi Arabia | See ingress/egress ranges for GSADA | 148.64.22.224/27 - Available on March 12, 2026 |
| Beirut, Lebanon (GLBBE) Localization zone starting on March 12, 2026 | Dammam, Saudi Arabia | See ingress/egress ranges for GSADA | 148.64.22.192/27 - Available on March 12, 2026 |
| Belgrade, Serbia (GRSBE) Localization zone | Milan, Italy | See ingress/egress range for GITMO | 199.116.172.128/27 2604:b040:13:1400::/80 |
| Bratislava, Slovakia (GSKBR) Localization zone starting on March 12, 2026 | Frankfurt, Germany | See ingress/egress range for GDEFR | 148.64.22.0/27 - Available on March 12, 2026 |
| Brussels, Belgium (GBEBR) Localization zone | Brussels, Belgium | See ingress/egress range for GGBDO | 199.247.45.0/25 2604:b040:13:f00::/80 |
| Bucharest, Romania (GROBU) Localization zone | Frankfurt, Germany | See ingress/egress range for GDEFR | 199.19.254.224/27 2604:b040:13:1100:2::/80 |
| Budapest, Hungary (GHUBU) Localization zone starting on March 12, 2026 | Frankfurt, Germany | See ingress/egress range for GDEFR | 148.64.13.192/27 - Available on March 12, 2026 |
| Copenhagen, Denmark (GDKCP) Localization zone Dedicated IP site | Amsterdam, the Netherlands | See ingress/egress range(s) for GNLAM | 199.247.32.32/27 |
| Dammam, Saudi Arabia (GSADA) Dedicated IP site Policy Based Routing site | Dammam, Saudi Arabia | 148.64.17.164 - Retiring on April 9, 2026 109.68.63.164 - New on March 10, 2026 | 148.64.17.0/24 - Retiring on April 9, 2026 109.68.63.0/24 - New on March 10, 2026 34.166.201.32/28 2604:b040:13:1600::/80 |
| Doha, Qatar (GQADO) Localization zone | Dammam, Saudi Arabia | See ingress/egress range for GSADA | 199.19.254.144/28 148.64.14.0/28 - New on March 10, 2026 2604:b040:13:1600::/80 |
| Dover, England (GGBDO) Localization zone Dedicated IP site Policy Based Routing site | Brussels, Belgium | 148.64.24.164 | 148.64.24.0/24 109.68.59.0/24 109.68.60.0/24 109.68.61.0/24 109.68.62.0/24 170.176.242.0/24 34.14.105.128/27 2604:b040:13:f00:1::/80 |
| Dubai, UAE (GAEDX) Localization zone | Dammam, Saudi Arabia | See ingress/egress range for GSADA | 199.19.254.192/28 148.64.14.16/28 - New on March 10, 2026 2604:b040:13:1600::/80 |
| Dublin, Ireland (GIEDU) Localization zone | London, England | See ingress/egress ranges for GGBLO | 199.247.45.128/25 34.4.48.0/27 2604:b040:13:1000:1::/80 |
| Frankfurt, Germany (GDEFR) Dedicated IP site | Frankfurt, Germany | 199.247.38.164 | 199.247.34.0/24 199.247.38.0/24 199.247.39.0/24 34.185.131.144/28 2604:b040:13:1100:1::/80 |
| Helsinki, Finland (GFIHE) Localization zone Dedicated IP site | Stockholm, Sweden | See ingress/egress ranges for GSESK | 199.247.32.0/28 2604:b040:13:d00:1::/80 |
Islamabad, Pakistan (GPKIS) | Dammam, Saudi Arabia - Available on March 12, 2026 | See ingress/egress ranges for GSADA | 148.64.22.160/27 - Available March 12, 2026 |
| Kuwait City, Kuwait (KWKC) Localization zone starting on March 12, 2026 | Dammam, Saudi Arabia - Available on March 12, 2026 | See ingress/egress ranges for GSADA | 148.64.22.96/27 - Available March 12, 2026 |
| Lisbon, Portugal (GPTLI) Localization zone | Madrid, Spain | See ingress/egress range for GESTO | 199.116.175.80/28 34.175.65.69/32 2604:b040:13:e00::/80 |
| Ljubljana, Slovenia (GSILJ) Localization zone | Milan, Italy | See ingress/egress range for GITMO | 199.116.172.160/27 2604:b040:13:1400::/80 |
| London, England (GGBLO) Dedicated IP site Policy Based Routing site | London, England | 148.64.26.164 | 46.235.154.0/24 148.64.9.0/24 148.64.26.0/24 148.64.27.0/24 148.64.28.0/24 148.64.29.0/24 34.39.35.128/26 34.4.48.0/27 109.68.56.0/24 2604:b040:13:1000::/80 |
| Madrid, Spain (GESTO) Dedicated IP site | Madrid, Spain | 199.19.249.164 | 199.19.249.0/24 34.175.160.112/28 2604:b040:13:e00::/80 |
| Manama, Bahrain (GBHMA) Localization zone | Mumbai, India | See ingress/egress range for GINMU | 148.64.13.128/26 |
| Milan, Italy (GITMO) Dedicated IP site | Milan, Italy | 185.180.49.164 | 46.235.159.128/25 185.180.49.0/24 34.154.242.160/28 2604:b040:13:1400::/80 |
| Muscat, Oman (GOMMU) Localization zone starting after March 12, 2026 | Dammam, Saudi Arabia - Available on March 12, 2026 | See ingress/egress ranges for GSADA | 148.64.22.128/27 - Available March 12, 2026 |
| Nicosia, Cyprus (GCYNI) Localization zone | Frankfurt, Germany | See ingress/egress range for GDEFR | 148.64.10.224/27 2604:b040:13:1100:2::/80 |
| Oslo, Norway (GNOOS) Localization zone | Stockholm, Sweden | See ingress/egress range for GSESK | 199.247.32.16/28 |
| Paris, France (GFRVE) Dedicated IP site | Paris, France | 199.116.172.1 | 199.116.172.0/25 34.155.98.48/28 2604:b040:13:1500::/80 |
| Prague, Czech Republic (GCZPR) Localization zone starting after March 12, 2026 | Frankfurt, Germany | See ingress/egress range for GDEFR | 148.64.13.224/27 - Available March 12, 2026 |
| Riga, Latvia (GLVRI) Localization zone | Helsinki, Finland | See ingress/egress range for GSESK | 148.64.10.208/28 2604:b040:13:d00:1::/80 |
Sarajevo, Bosnia and Herzegovina (GBASA) | Zurich, Switzerland - Available on March 12, 2026 | See ingress/egress range for GCHZU | 199.247.33.64/27 - Available March 12, 2026 |
Skopje, North Macedonia (GMKSK) | Zurich, Switzerland - Available on March 12, 2026 | See ingress/egress range for GCHZU | 148.64.22.32/27 - Available March 12, 2026 |
| Stockholm, Sweden (GSESK) Localization zone | Helsinki, Finland | 199.247.35.164 | 199.247.35.0/24 34.88.194.112/29 148.64.17.0/24 2604:b040:13:d00:2::/80 |
| Tallinn, Estonia (GEETA) Localization zone | Helsinki, Finland | See ingress/egress range for GSESK | 199.19.254.208/28 2604:b040:13:d00:1::/80 |
| Tel Aviv, Israel (GILTA) Dedicated IP site Policy Based Routing site | Tel Aviv, Israel | 198.135.125.164 | 198.135.125.0/24 34.165.195.160/28 2604:b040:13:1700::/80 |
| Tirana, Albania (GALTI) Localization zone starting after March 12, 2026 | Zurich, Switzerland - Available on March 12, 2026 | See ingress/egress range for GCHZU | 148.64.22.64/27 - Available March 12, 2026 |
| Valletta, Malta (GMTVA) Localization zone | Milan, Italy | See ingress/egress range for GITMO | 34.154.50.128/27 2604:b040:13:1400::/80 |
| Vienna, Austria (GATVI) Localization zone | Frankfurt, Germany | See ingress/egress range for GDEFR | 46.235.156.32/27 2604:b040:13:1100:1::/80 |
| Vilnius, Lithuania (GLTVI) Localization zone | Warsaw, Poland | See Ingress/egress range for GPOWA | 199.116.172.192/27 2604:b040:13:c00::/80 |
| Warsaw, Poland (GPOWA) | Warsaw, Poland | 103.9.99.164 | 103.9.99.0/24 34.4.64.0/29 2604:b040:13:c00::/80 |
| Zagreb, Croatia (GHRZA) Localization zone | Milan, Italy | See ingress/egress range for GITMO | 168.149.132.224/27 2604:b040:13:1400::/80 |
| Zurich, Switzerland (GCHZU) | Zurich, Switzerland | 148.64.11.164 | 148.64.11.0/24 35.216.128.144/28 2604:b040:13:1300:2::/80 |
Africa | |||
| Location (codename) | Compute region | Ingress IP address (IPsec and trans-proxy) | Ingress and egress ranges for other access methods and for auth connector |
| Abuja, Nigeria (GNGAB) Localization zone | Madrid, Spain | See ingress/egress range for for GESTO | 199.116.175.64/28 34.175.220.157/32 2604:b040:13:e00::/80 |
| Accra, Ghana (GGHAC) Localization zone | Madrid, Spain | See ingress/egress range for GESTO | 199.116.175.32/28 34.175.63.171/32 2604:b040:13:e00::/80 |
| Algiers, Algeria (GDZAL) Localization zone | Milan, Italy | See ingress/egress range for GITMO | 34.154.250.192/27 2604:b040:13:1400::/80 |
| Cairo, Egypt (GEGCA) Localization zone | Frankfurt, Germany | See ingress/egress range for GDEFR | 148.64.13.64/27 |
| Dakar, Senegal (GSNDA) Localization zone | Madrid, Spain | See ingress/egress range for GESTO | 199.116.175.96/28 34.175.234.195/32 2604:b040:13:e00::/80 |
| Gaborone, Botswana (GBWGA) Localization zone | Johannesburg, South Africa | See ingress/egress range for GZASO | 199.19.254.16/28 2604:b040:13::/80 |
| Harare, Zimbabwe (GZWHA) Localization zone | Johannesburg, South Africa | See ingress/egress range for GZASO | 199.19.254.128/28 2604:b040:13::/80 |
| Johannesburg, South Africa (GZASO) | Johannesburg, South Africa | 199.19.251.164 | 199.19.251.0/24 34.35.115.224/29 2604:b040:13::/80 |
| Lilongwe, Malawi (GMWLI) Localization zone | Johannesburg, South Africa | See ingress/egress range for GZASO | 199.19.254.48/28 2604:b040:13::/80 |
| Luanda, Angola (GAOLU) Localization zone | Johannesburg, South Africa | See ingress/egress range for GZASO | 199.19.254.0/28 2604:b040:13::/80 |
| Lusaka, Zambia (GZMLU) Localization zone | Johannesburg, South Africa | See ingress/egress range for GZASO | 199.19.254.112/28 2604:b040:13::/80 |
| Maputo, Mozambique (GMZMA) Localization zone | Johannesburg, South Africa | See ingress/egress range for GZASO | 199.19.254.80/28 2604:b040:13::/80 |
| Nairobi, Kenya (GKENA) Localization zone | Johannesburg, South Africa | See ingress/egress range for GZASO | 199.19.254.32/28 2604:b040:13::/80 |
| Port Louis, Mauritius (GMUPL) Localization zone | Johannesburg, South Africa | See ingress/egress range for GZASO | 199.19.254.64/28 2604:b040:13::/80 |
| Rabat, Morocco (GMARA) Localization zone Dedicated IP site | Madrid, Spain | See ingress/egress range for GESTO | 199.116.175.48/28 34.175.124.242/32 2604:b040:13:e00::/80 |
| Tunis, Tunisia (GTNTU) Localization zone | Milan, Italy | See ingress/egress range for GITMO | 34.154.50.192/27 2604:b040:13:1400::/80 |
| Windhoek, Namibia (GNAWI) Localization zone | Johannesburg, South Africa | See ingress/egress range for GZASO | 199.19.254.96/28 2604:b040:13::/80 |
* The compute region will change on the designated date.
POP Types
- Compute POP - Otherwise known as a data center, a point of presence that contains physical compute infrastructure.
- Localization Zones - Provide an improved user experience by localizing content requests for countries where there is no Cloud SWG compute POP.
Dedicated IP Sites
Dedicated IPs (part of Cloud SWG Premium Routing) provides tenant-dedicated IPs in Cloud SWG data centers. Sites that host Dedicated IP infrastructure are denoted in the table above with the label: "Dedicated IP site" below the site codename.
Policy based Routing Sites
Policy Based Routing (part of Cloud SWG Premium Routing) provides control over traffic egress geolocation. Sites that host Policy Based Routing infrastructure are denoted in the table above with the label: "Policy Based Routing site" below the site codename.
Additional Information
The Cloud SWG service now has a service points URL that can be used to retrieve our IP address space for all hosts, including the Portal, authentication, PFMS, CTC and so forth. The service points URL is https://servicepoints.threatpulse.com/ and is a JSON formatted document. Please note that the auth connector (aka bcca.exe) connects to IP addresses within the ingress/egress IP address range (column four). This KB article contains IP address information that may not be in the service points URL. The service points URL is more real-time information. When future IP address changes are implemented into production, then those IP addresses will be reflected in the service points JSON file. If you are utilizing the service points URL and you require change requests in order to modify firewall rules, please monitor this KB article for IP address changes so as to comply with your business processes.
IMPORTANT NOTE: The service points URL https://servicepoints.threatpulse.com/ were deprecated on September 1, 2024. The new service points URL is https://servicepoints.threatpulse.com/api/v2/full and is live now. The data formatting has changed. To avoid any interruptions, review the changes in the files and start using the new URL as soon as possible. The service points URL was announced on May 29, 2024. To see the announcement, click here.
This information is also applicable to Smart VPN. More information: https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-security/sescloud/Protection/Secure-Connection/what-is-v128662923-d4152e263.html
Feedback
