ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Web Security Service (WSS) ingress and egress IP addresses

book

Article ID: 167174

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

  • What are the IP addresses used to connect to the Symantec Web Security Service (WSS)?
  • What are the data center names and locations?
  • What are the WSS IP addresses and ranges that have to be permitted on firewalls?
  • What is a Localization Zone and where are they located?
  • What are the WSS ingress and egress IP subnet ranges?
  • What are the IP addresses used by integrated services, such as Web Isolation?

Resolution

Best Practices based on Connection Type (Access Method)

IPsec:  For fault tolerance, fixed site backup connections should have IPsec tunnels to a physically separate compute region relative to your primary site, as well as:

  • Only IPsec connections should redirect traffic to an IP address.  All other connections should use WSS data center hostnames.
  • IPsec connections are only accepted by the IPsec specific ingress IP addresses in the table below.
  • IPsec configurations should have dead peer detection (DPD) enabled and a tunnel monitor (ie, IPSLA) configured.
  • IPsec phase 1 lifetime should be 24 hours, and phase 2 lifetime should be four hours.
    • IKEv2 FQDN phase 2 lifetime should be 50 minutes.
  • IPsec backup tunnels should never point to the same "compute POP" (data center) that the primary tunnel is going to.

Explicit over IPsec:  Explicit traffic redirection within an IPsec tunnel to WSS should always point to ep.threatpulse.net:80 .  For additional information, please see the online documentation.

Explicit and Proxy Forwarding:  For optimal performance and fault tolerance, explicit traffic should be redirected to proxy.threatpulse.net:8080.  This hostname automatically resolves to the nearest WSS data center based on the geo-location of the client's DNS resolver.  In the event of an outage (including planned maintenance), users will be automatically redirected to the nearest available data center.

Should the need to avoid geo-location services with explicit exist, the following WSS explicit IP addresses indicate the hosts an admin can point to for explicit or proxy forwarded traffic.

SEP Web and Cloud Access Protection: 

  • Explicit Mode (Pac File): For optimal performance and fault tolerance, explicit traffic should be redirected to sep-wtr.threatpulse.net:8080. This hostname automatically resolves to the nearest WSS data center based on the geo-location of the client's DNS resolver.  No manual configuration is required.
  • Tunnel Mode: Nearest data center selection is performed automatically by the agent based on the geo-location of the end user's public egress IP address.  No manual configuration is required.

 

WSS Agent:  Nearest data center selection is performed automatically by the agent based on the geo-location of the end user's public egress IP address.  No manual configuration is required.

 

IP Addresses for WSS-Integrated Services

 

Portal Addresses
portal.threatpulse.com 35.245.151.224
34.82.146.64
Cloud Traffic Controller (CTC) addresses
ctc.threatpulse.com 130.211.30.2
Auth Manager
auth.threatpulse.com 35.245.151.226
34.82.146.65
PAC File Management Service
pfms.wss.symantec.com 34.120.17.44

 

WSS ingress and egress IP addresses

Note:  The "ingress ranges" in the third column are also the WSS "egress ranges".

Location (codename) Compute region Ingress IP address (IPsec and trans-proxy) Ingress and egress ranges for other access methods and for auth connector
AMERICAS
Buenos Aires, Argentina (GARBA1)
Localization zone
Sao Paulo, Brazil 34.95.226.164 34.95.226.0/24
Columbia, South Carolina (GUSCO1) Columbia, South Carolina 168.149.137.164 168.149.135.0/24
168.149.137.0/24
168.149.138.0/24
168.149.139.0/24
168.149.140.0/24
168.149.141.0/24
Des Moines, Iowa (GUSDM1) Des Moines, Iowa 199.247.42.164

199.247.32.0/24
199.247.33.0/24
199.247.42.0/24
199.247.43.0/24
199.247.44.0/24
199.247.45.0/24
199.116.168.0/24
199.116.169.0/24
199.116.170.0/24
199.116.171.0/24
199.116.173.0/24

Las Vegas, Nevada (GUSLV1)

Las Vegas, Nevada

168.149.133.164 168.149.133.0/24
168.149.160.0/24
Los Angeles, California (GUSLA)

Los Angeles, California

199.19.248.164 148.64.18.0/24
148.64.20.0/24
199.19.248.0/24
Mexico City, Mexico (GMXMC1)
Localization zone
Los Angeles, California 170.176.246.164 170.176.246.0/24
Montreal, Canada (GCAMO1) Montreal, Canada 199.19.253.164

199.19.253.0/24
148.64.21.0/24

Portland, Oregon (GUSPO1) Portland, Oregon 170.176.241.164 170.176.241.0/24
168.149.164.0/24
Sao Paulo, Brazil (GBRSP1) Sao Paulo, Brazil 34.95.130.164 34.95.130.0/24
34.95.146.0/24

Toronto, Canada (GCATO1)
Localization zone
To be decommissioned on June 18, 2022
Replacement is GCATO2.

Montreal, Canada 168.149.162.164 168.149.162.0/24

Toronto, Canada (GCATO2)
New!  Available starting May 18, 2022

Toronto, Canada 168.149.130.164 168.149.130.0/24
168.149.131.0/24
Washington, DC (GUSAS1) Washington, DC 170.176.240.164

168.149.143.0/24
168.149.144.0/24
168.149.146.0/24
168.149.151.0/24
168.149.152.0/24
168.149.153.0/24
168.149.157.0/24
170.176.240.0/24

APAC

Auckland, New Zealand (GNZAU1)
Localization zone

Sydney, Australia 168.149.170.164

168.149.170.0/24

Bangkok, Thailand (GTHBA11)
Localization zone

Singapore -

168.149.179.64/27

Beijing, China (PEK1)

Beijing, China 119.161.180.164

119.161.180.0/24
119.161.181.0/24

Delhi, India (GINDE1) Delhi, India 168.149.182.164

168.149.182.0/24
168.149.183.0/24
168.149.184.0/24
168.149.185.0/24
168.149.186.0/24
168.149.187.0/24
168.149.188.0/24
168.149.189.0/24

Hanoi, Vietnam (GVNHA11)
Localization zone
Singapore -

168.149.179.96/27

Hong Kong (GCNHK1) Hong Kong 103.246.38.164

103.246.38.0/24

Islamabad, Pakistan (GPKIS)
Localization zone
Zurich, Switzerland -

34.65.98.0/24

Jakarta, Indonesia (GIDJK11) Jakarta, Indonesia -

168.149.180.0/24

Kuala Lumpur, Malaysia (GMYKL11)
Localization zone
Singapore -

168.149.179.0/26

Manila, Philippines (GPHMA11)
Localization zone
Jakarta, Indonesia -

168.149.181.0/25

Melbourne, Australia (GAUME1) Melbourne, Australia 168.149.190.164

168.149.190.0/24
168.149.191.0/24

Mumbai, India (GINMU1) Mumbai, India 148.64.4.164

148.64.1.0/24
148.64.4.0/24
148.64.5.0/24
148.64.7.0/24
148.64.12.0/24
148.64.13.0/24
168.149.165.0/24
168.149.166.0/24
168.149.167.0/24
168.149.168.0/24
168.149.169.0/24
168.149.172.0/24
168.149.173.0/24
168.149.174.0/24

Osaka, Japan (GJPOS1) Osaka, Japan 98.158.245.164

98.158.245.0/24
98.158.246.0/24
103.9.96.0/24
103.9.97.0/24

Seoul, South Korea (GKRSE1) Seoul, South Korea 168.149.154.164

168.149.154.0/24

Shanghai, China (SHA1) Shanghai, China 222.126.180.164

222.126.180.0/24
222.126.181.0/24

Singapore (GSGRS1) Singapore 103.246.37.164

103.246.37.0/24
148.64.3.0/24
168.149.178.0/24

Sydney, Australia (GAUSY1) Sydney, Australia 103.246.36.164

103.246.36.0/24
103.246.39.0/24
170.176.245.0/24

Taipei, Taiwan (GTWTA1) Taipei, Taiwan 168.149.155.164

168.149.155.0/24

Tokyo, Japan (GJPTK) Tokyo, Japan 223.29.216.164

223.29.216.0/24
223.29.217.0/24
223.29.218.0/24
223.29.219.0/24
168.149.158.0/24

EUROPE AND THE MIDDLE EAST

Abu Dhabi, UAE (GAEAD1)
Localization zone

Mumbai, India 168.149.175.164

168.149.175.0/24

Amsterdam, the Netherlands (GNLAM1) Amsterdam, the Netherlands 98.158.252.164

98.158.252.0/24
98.158.253.0/24

Ankara, Turkey (GTRAN11)
Localization zone
Frankfurt, Germany -

46.235.157.0/26

Athens, Greece (GGRAT11)
Localization zone
Frankfurt, Germany -

46.235.156.128/27

Brussels, Belgium (GBEBR11) Brussels, Belgium -

46.235.155.0/24

Bucharest, Romania (GROBU1)
Localization zone

Frankfurt, Germany 168.149.148.164

168.149.148.0/24 

Copenhagen, Denmark (GDKCP1)
Localization zone
Amsterdam, the Netherlands 148.64.14.164

148.64.14.0/24

Dover, England (GGBDO1)
Localization zone

Brussels, Belgium 148.64.24.164

148.64.24.0/24
148.64.25.0/24
109.68.59.0/24
109.68.60.0/24
109.68.61.0/24
109.68.62.0/24
170.176.242.0/24

Dubai, UAE (GAEDX1)
Localization zone

Zurich, Switzerland -

34.65.98.0/24

Dublin, Ireland (GIEDU1)
Localization zone
London, England 148.64.15.164

148.64.15.0/24

Frankfurt, Germany (GDEFR1) Frankfurt, Germany 199.247.38.164

199.247.34.0/24
199.247.38.0/24
199.247.39.0/24
199.247.40.0/24
199.247.41.0/24

Helsinki, Finland (GFIHE1) Helsinki, Finland 168.149.149.164

168.149.149.0/24

Lisbon, Portugal (GPTLI1)
Localization zone
Zurich, Switzerland -

46.235.158.96/27

London, England (GGBLO1) London, England 148.64.26.164

148.64.9.0/24
148.64.26.0/24
148.64.27.0/24
148.64.28.0/24
148.64.29.0/24
148.64.30.0/24
46.235.154.0/24

Madrid, Spain (GESMA1)
Localization zone
Zurich, Switzerland 185.180.48.164

185.180.48.0/24
185.180.50.0/24
185.180.51.0/24

Milan, Italy (GITMI1)
Localization zone
Frankfurt, Germany 46.235.159.164

46.235.159.0/24
148.64.10.0/24

Nicosia, Cyprus (GCYNI11)
Localization zone
Frankfurt, Germany  

46.235.156.64/27

Oslo, Norway (GNOOS1)
Localization zone
Helsinki, Finland 109.68.63.164

109.68.63.0/24

Paris, France (GFRPA1)
Localization zone
Brussels, Belgium 46.235.153.164

46.235.153.0/24
168.149.163.0/24

Stockholm, Sweden (GSESK1)
Localization zone
Helsinki, Finland 199.247.35.164

199.247.35.0/24

Tel Aviv, Israel (GILTA1)
Localization zone
London, England 198.135.124.164

198.135.124.0/24

Vienna, Austria (GATVI11)
Localization zone
Frankfurt, Germany -

46.235.156.32/27

Valletta, Malta (GMTVA11)
Localization zone
Frankfurt, Germany -

46.235.156.160/27

Zurich, Switzerland (GCHZU1) Zurich, Switzerland 148.64.11.164

148.64.11.0/24

AFRICA

Abuja, Nigeria (GNGAB11)
Localization zone

Zurich, Switzerland -

46.235.158.64/27

Accra, Ghana (GGHAC11)
Localization zone

Zurich, Switzerland -

46.235.158.0/27

Algiers, Algeria (GDZAL11)
Localization zone

Frankfurt, Germany -

46.235.156.0/27

Cairo, Egypt (GEGCA11)
Localization zone

Frankfurt, Germany -

46.235.156.96/27

Dakar, Senegal (GSNDA1)
Localization zone

Zurich, Switzerland -

46.235.158.128/27

Gaborone, Botswana (GBWGA11)
Localization zone
London, England -

109.68.57.32/27

Harare, Zimbabwe (GZWHA11)
Localization zone
London, England -

109.68.56.0/27

Johannesburg, South Africa (GZAJB1)
Localization zone

London, England 109.68.58.164

109.68.58.0/24

Lilongwe, Malawi (GMWLI11)
Localization zone

London, England -

109.68.57.96/27

Luanda, Angola (GAOLU11)
Localization zone

London, England -

109.68.57.0/27

Lusaka, Zambia (GZMLU11)
Localization zone

London, England -

109.68.57.224/27

Maputo, Mozambique (GMZMA11)
Localization zone
London, England -

109.68.57.160/27

Nairobi, Kenya (GKENA11)
Localization zone
London, England -

109.68.57.64/27

Port Louis, Mauritius (GMUPL11)
Localization zone
London, England -

109.68.57.128/27

Rabat, Morocco (GMARA1)
Localization zone
Zurich, Switzerland -

46.235.158.32/27

Tunis, Tunesia (GTNTU11)
Localization zone
Frankfurt, Germany -

46.235.156.192/27

Windhoek, Namibia (GNAWI11)
Localization zone
London, England -

109.68.57.192/27

POP Types

Compute POP - Otherwise known as a data center, a point of presence that contains physical compute infrastructure.

Localization Zones - Provide an improved user experience by localizing content requests for countries where there is no WSS compute POP.

 

Additional Information

Attached is a text document that lists the IP addresses used by WSS from this document, including the single IP addresses at the top of the document for the portal, authentication, PFMS, CTC and so forth.  Please note that the auth connector (aka bcca.exe) connects to IP addresses within the egress IP address range.

Attachments

1651593347428__WSS_IP_Addresses_03May2022.txt get_app