Cloud SWG (formerly WSS) Ingress and Egress IP addresses
search cancel

Cloud SWG (formerly WSS) Ingress and Egress IP addresses

book

Article ID: 167174

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

  • What are the IP addresses used to connect to the Symantec Cloud SWG?
  • What are the data center names and locations?
  • What are the Cloud SWG IP addresses and ranges that have to be permitted on firewalls?
  • What is a Localization Zone and where are they located?
  • What are the Cloud SWG ingress and egress IP subnet ranges?
  • What are the IP addresses used by integrated services, such as Web Isolation?

Resolution

Best Practices based on Connection Type (Access Method)

IPsec

For fault tolerance, fixed site backup connections must have IPsec tunnels to a physically separate compute region relative to your primary site, as well as:

  • Only IPsec connections should redirect traffic to an IP address.  All other connections should use Cloud SWG data center hostnames.
  • IPsec connections are only accepted by the IPsec specific ingress IP addresses in the table below.
  • IPsec configurations should have dead peer detection (DPD) enabled and a tunnel monitor (ie, IPSLA) configured.
  • IPsec phase 1 lifetime should be 24 hours, and phase 2 lifetime should be four hours.
    • IKEv2 FQDN phase 2 lifetime should be 50 minutes.
  • IPsec backup tunnels should never point to the same "compute POP" (data center) that the primary tunnel is going to.

Explicit over IPsec

Explicit traffic redirection within an IPsec tunnel to Cloud SWG should always point to ep.threatpulse.net:80 .  For additional information, please see the online documentation.

Explicit and Proxy Forwarding

For optimal performance and fault tolerance, explicit traffic should be redirected to proxy.threatpulse.net:8080.  This hostname automatically resolves to the nearest Cloud SWG data center based on the geo-location of the client's DNS resolver.  In the event of an outage (including planned maintenance), users will be automatically redirected to the nearest available data center.

Should the need to avoid geo-location services with explicit exist, the following Cloud SWG explicit IP addresses indicate the hosts an admin can point to for explicit or proxy forwarded traffic.

SEP Web and Cloud Access Protection

  • Explicit Mode (Pac File): For optimal performance and fault tolerance, explicit traffic should be redirected to sep-wtr.threatpulse.net:8080. This hostname automatically resolves to the nearest Cloud SWG data center based on the geo-location of the client's DNS resolver.  No manual configuration is required.
  • Tunnel Mode: Nearest data center selection is performed automatically by the agent based on the geo-location of the end user's public egress IP address.  No manual configuration is required.

WSS Agent

Nearest data center selection is performed automatically by the agent based on the geo-location of the end user's public egress IP address. No manual configuration is required. It is imperative that firewalls allow traffic between the agents and the Cloud SWG Ingress and egress ranges specified below.

 

IP Addresses for Cloud SWG-Integrated Services

 

Cloud SWG Portal
portal.threatpulse.com 34.49.9.67
Cloud Traffic Controller (CTC) 

Primary: ctc.threatpulse.com

Secondary: ctc-uat.threatpulse.com

Note: Use the secondary CTC endpoint service to route a subset of traffic from a different egress IP address. See Test Agent Traffic From a New Egress IP Address.

Primary: 130.211.30.2

Secondary: 34.110.245.218

Auth Manager
auth.threatpulse.com 34.160.229.36
PAC File Management Service
pfms.wss.symantec.com 34.120.17.44
SGAPI - Used for UPE and Management Center
sgapi.es.bluecoat.com 34.49.220.252
sgapi.threatpulse.com 34.245.151.229
Other miscellaneous hosts
pod.threatpulse.com 35.227.235.56

 

Cloud SWG ingress and egress IP addresses

Note:  The "ingress ranges" in the third column are also the Cloud SWG "egress ranges".

Location (codename) Compute region Ingress IP address (IPsec and trans-proxy) Ingress and egress ranges for other access methods and for auth connector
AMERICAS
Bogota, Colombia (GCOBO)
Localization zone
Santiago, Chile 199.116.174.164 199.116.174.0/24
Buenos Aires, Argentina (GARBA)
Localization zone
Sao Paulo, Brazil 34.95.226.164 34.95.226.0/24
Columbia, South Carolina (GUSCO)
Dedicated IP site
Columbia, South Carolina 168.149.137.164 168.149.135.0/24
168.149.137.0/24
168.149.138.0/24
168.149.139.0/24
168.149.140.0/24
168.149.141.0/24
Dallas, Texas (GUSDA) Dallas, Texas 168.149.128.164 168.149.128.0/24
Des Moines, Iowa (GUSDM)
Dedicated IP site
Des Moines, Iowa 199.247.42.164

199.247.32.0/24
199.247.33.0/24
199.247.42.0/24
199.247.43.0/24
199.247.44.0/24
199.247.45.0/24
199.116.168.0/24
199.116.169.0/24
199.116.170.0/24
199.116.171.0/24
199.116.173.0/24
148.64.31.0/24
170.176.247.0/24
35.192.241.0/24

Las Vegas, Nevada (GUSLV)

Las Vegas, Nevada

168.149.133.164 168.149.133.0/24
168.149.160.0/24
Los Angeles, California (GUSLA)
Dedicated IP site

Los Angeles, California

199.19.248.164 148.64.18.0/24
199.19.248.0/24
Mexico City, Mexico (GMXMC)
Localization zone
Los Angeles, California 170.176.246.164 170.176.246.0/24
Montreal, Canada (GCAMO)
Dedicated IP site
Montreal, Canada 199.19.253.164

199.19.253.0/24
148.64.21.0/24

Portland, Oregon (GUSPO) Portland, Oregon 170.176.241.164 170.176.241.0/24
168.149.164.0/24
148.64.16.0/24
Sao Paulo, Brazil (GBRSP)
Dedicated IP site
Sao Paulo, Brazil 34.95.130.164 34.95.130.0/24
34.95.146.0/24

Toronto, Canada (GCATO)
Dedicated IP site

Toronto, Canada 168.149.130.164 168.149.130.0/24
168.149.131.0/24
Washington, DC (GUSAS) Washington, DC 170.176.240.164

168.149.142.0/24
168.149.143.0/24
168.149.144.0/24
168.149.145.0/24
168.149.146.0/24
168.149.151.0/24
168.149.152.0/24
168.149.153.0/24
168.149.157.0/24
170.176.240.0/24

APAC

Auckland, New Zealand (GNZAU)
Localization zone

Sydney, Australia 168.149.170.164

168.149.170.0/24

Bangkok, Thailand (GTHBA)
Localization zone

Singapore See ingress/egress range for GSGRS

168.149.179.64/27

Beijing, China (ACNBJ) Beijing, China 52.131.103.144

52.131.103.144/28
52.131.113.48/28
52.131.113.80/28
52.131.113.128/28
52.131.113.144/28
52.131.113.176/28
52.131.113.192/28
52.131.113.208/28
52.131.113.224/28
52.131.113.240/28
52.131.114.0/28
52.131.114.16/28
52.131.114.32/28
52.131.114.48/28

Delhi, India (GINDE)
Dedicated IP site
Delhi, India 168.149.182.164

168.149.182.0/24
168.149.183.0/24
168.149.184.0/24
168.149.185.0/24
168.149.186.0/24
168.149.187.0/24
168.149.188.0/24
168.149.189.0/24

Hanoi, Vietnam (GVNHA)
Localization zone
Singapore See ingress/egress range for GSGRS

168.149.179.96/27

Hong Kong (GCNHK) Hong Kong 103.246.38.164

103.246.38.0/24

Islamabad, Pakistan (GPKIS)
Localization zone
Zurich, Switzerland -

34.65.98.0/24

Jakarta, Indonesia (GIDJK) Jakarta, Indonesia -

168.149.180.0/24

Kuala Lumpur, Malaysia (GMYKL)
Localization zone
Singapore See ingress/egress range for GSGRS

168.149.179.0/26

Manila, Philippines (GPHMA)
Localization zone
Jakarta, Indonesia See ingress/egress range for GIDJK

168.149.181.0/25

Melbourne, Australia (GAUME) Melbourne, Australia 168.149.190.164

168.149.190.0/24
168.149.191.0/24
34.129.99.0/24

Mumbai, India (GINMU)
Dedicated IP site
Mumbai, India 148.64.4.164

148.64.1.0/24
148.64.4.0/24
148.64.5.0/24
148.64.7.0/24
148.64.12.0/24
148.64.13.0/24
168.149.165.0/24
168.149.166.0/24
168.149.167.0/24
168.149.168.0/24
168.149.169.0/24
168.149.172.0/24
168.149.173.0/24
168.149.174.0/24
34.47.128.0/26

Osaka, Japan (GJPOS) Osaka, Japan 98.158.245.164

98.158.245.0/24
98.158.246.0/24
103.9.96.0/24
103.9.97.0/24

Seoul, South Korea (GKRSE) Seoul, South Korea 168.149.154.164

168.149.154.0/24

Shanghai, China (ACNSH) Shanghai, China 40.72.119.208

40.72.119.208/28
40.72.119.224/28
52.130.200.0/28
52.130.200.16/28
52.130.200.48/28
52.130.200.64/28
52.130.200.96/28
52.130.200.128/28
52.130.200.144/28
52.130.200.176/28
52.130.200.192/28
52.130.200.208/28
52.130.200.224/28
52.130.200.240/28

Singapore (GSGRS)
Dedicated IP site
Singapore 103.246.37.164

103.246.37.0/24
148.64.3.0/24
168.149.178.0/24
168.149.150.0/24

Sydney, Australia (GAUSY)
Dedicated IP site
Sydney, Australia 103.246.36.164

103.246.36.0/24
170.176.245.0/24
148.64.2.0/24

Taipei, Taiwan (GTWTA) Taipei, Taiwan 168.149.155.164

168.149.155.0/24

Tokyo, Japan (GJPTK)
Dedicated IP site
Tokyo, Japan 223.29.216.164

223.29.216.0/24
223.29.217.0/24
223.29.218.0/24
223.29.219.0/24

EUROPE AND THE MIDDLE EAST

Abu Dhabi, UAE (GAEAD)
Localization zone

Mumbai, India 168.149.175.164

168.149.175.0/24

Amsterdam, the Netherlands (GNLAM)
Dedicated IP site
Amsterdam, the Netherlands 98.158.252.164

98.158.252.0/24

Ankara, Turkey (GTRAN)
Localization zone

Zurich, Switzerland 46.235.158.192

46.235.158.192/26

Athens, Greece (GGRAT)
Localization zone
Frankfurt, Germany See ingress/egress range for GROBU

46.235.156.128/27

Belgrade, Serbia (GSRBE)
Localization zone
Milan, Italy See ingress/egress range for GITMO

199.116.172.128/27

Brussels, Belgium (GBEBR) Brussels, Belgium -

46.235.155.0/24
148.64.25.0/24

Bucharest, Romania (GROBU)
Localization zone

Frankfurt, Germany 168.149.148.164

168.149.148.0/24 

Copenhagen, Denmark (GDKCP)
Localization zone
Amsterdam, the Netherlands 148.64.14.164

148.64.14.0/24

Dover, England (GGBDO)
Localization zone
Dedicated IP site

Brussels, Belgium 148.64.24.164

148.64.24.0/24
109.68.59.0/24
109.68.60.0/24
109.68.61.0/24
109.68.62.0/24
170.176.242.0/24

Dubai, UAE (GAEDX)
Localization zone

Zurich, Switzerland -

34.65.98.0/24

Dublin, Ireland (GIEDU)
Localization zone
London, England 148.64.15.164

148.64.15.0/24

Frankfurt, Germany (GDEFR)
Dedicated IP site
Frankfurt, Germany 199.247.38.164

199.247.34.0/24
199.247.38.0/24
199.247.39.0/24
199.247.40.0/24
199.247.41.0/24

Helsinki, Finland (GFIHE) Helsinki, Finland 168.149.149.164

168.149.149.0/24

Lisbon, Portugal (GPTLI)
Localization zone
Zurich, Switzerland
Madrid, Spain (New)*
See ingress/egress range for GESTO

199.116.175.80/28

Ljubljana, Slovenia (GSILJ)
Localization zone
Milan, Italy See ingress/egress range for GITMO

199.116.172.160/27

London, England (GGBLO)
Dedicated IP site
London, England 148.64.26.164

148.64.9.0/24
148.64.26.0/24
148.64.27.0/24
148.64.28.0/24
148.64.29.0/24
148.64.30.0/24
46.235.152.0/24
46.235.154.0/24
34.39.35.128/26

Madrid, Spain (GESMA)
Localization zone
Dedicated IP site
To be retired:  May 29, 2024
Zurich, Switzerland 185.180.48.164

185.180.48.0/24
185.180.51.0/24

Madrid, Spain (GESTO)
Dedicated IP site
Madrid, Spain 199.19.249.164

199.19.249.0/24

Manama, Bahrain (GBHMA)
Localization zone
Mumbai, India See ingress/egress range for GAEAD

148.64.6.64/27

Milan, Italy (GITMO)
Dedicated IP site
Milan, Italy 185.180.49.164

185.180.49.0/24

Nicosia, Cyprus (GCYNI)
Localization zone
Frankfurt, Germany See ingress/egress range for GROBU

46.235.156.64/27

Oslo, Norway (GNOOS)
Localization zone
Helsinki, Finland 109.68.63.164

109.68.63.0/24

Paris, France (GFRPA)
Localization zone
Dedicated IP site
To be retired:  TBD
Brussels, Belgium 46.235.153.164

46.235.153.0/24
148.64.19.0/24
168.149.163.0/24

Paris, France (GFRVE)
New:  Coming Soon (TBD)
Paris, France 199.116.172.1

199.116.172.0/25

Riga, Latvia (GLVRI)
Localization zone

Helsinki, Finland See ingress/egress range for GHEFI

199.116.175.0/27

Riyadh, Saudi Arabia (GSARI)
Localization zone

Mumbai, India 148.64.6.1

148.64.6.0/26

Stockholm, Sweden (GSESK)
Localization zone
Helsinki, Finland 199.247.35.164

199.247.35.0/24

Tallinn, Estonia (GEETA)
Localization zone
Helsinki, Finland See ingress/egress range for GHEFI

199.116.172.224/27

Tel Aviv, Israel (GILTA) Tel Aviv, Israel 198.135.125.164

198.135.125.0/24

Valletta, Malta (GMTVA)
Localization zone
Milan, Italy See ingress/egress range for GITMO

34.154.50.128/27

Vienna, Austria (GATVI)
Localization zone
Frankfurt, Germany See ingress/egress range for GDEFR

46.235.156.32/27

Vilnius, Lithuania (GLTVI)
Localization zone
Warsaw, Poland See Ingress/egress range for GPOWA

199.116.172.192/27

Warsaw, Poland (GPOWA) Warsaw, Poland 103.9.99.164

103.9.99.0/24

Zagreb, Croatia (GHRZA)
Localization zone
Milan, Italy See ingress/egress range for GITMO

168.149.132.224/27

Zurich, Switzerland (GCHZU) Zurich, Switzerland 148.64.11.164

148.64.11.0/24

AFRICA

Abuja, Nigeria (GNGAB)
Localization zone

Zurich, Switzerland
Madrid, Spain (new)*
See ingress/egress range for for GESTO

199.116.175.64/28

Accra, Ghana (GGHAC)
Localization zone

Zurich, Switzerland
Madrid, Spain (new)*
See ingress/egress range for GESTO

199.116.175.32/28

Algiers, Algeria (GDZAL)
Localization zone

Milan, Italy See ingress/egress range for GITMO

34.154.250.192/27

Cairo, Egypt (GEGCA)
Localization zone

Frankfurt, Germany See ingress/egress range for GROBU

46.235.156.96/27

Dakar, Senegal (GSNDA)
Localization zone

Zurich, Switzerland
Madrid, Spain (new)*
See ingress/egress range for GESTO

199.116.175.96/28

Gaborone, Botswana (GBWGA)
Localization zone
London, England
Johannesburg, South Africa*
See ingress/egress range for GZAJB and GZASO

109.68.57.32/27
199.19.254.16/28 - NEW - June 27, 2024

Harare, Zimbabwe (GZWHA)
Localization zone
London, England
Johannesburg, South Africa*
See ingress/egress range for GZAJB and GZASO

109.68.56.0/27
199.19.254.128/28 - NEW - June 27, 2024

Johannesburg, South Africa (GZAJB)
Localization zone

London, England 109.68.58.164

109.68.58.0/24

Johannesburg, South Africa (GZASO)
New:  Coming Soon - June 27, 2024

Johannesburg, South Africa 199.19.251.164

199.19.251.0/24

Lilongwe, Malawi (GMWLI)
Localization zone

London, England
Johannesburg, South Africa*
See ingress/egress range for GZAJB and GZASO

109.68.57.96/27
199.19.254.48/28 - NEW - June 27, 2024

Luanda, Angola (GAOLU)
Localization zone

London, England
Johannesburg, South Africa*
See ingress/egress range for GZAJB and GZASO

109.68.57.0/27
199.19.254.0/28 - NEW - June 27, 2024

Lusaka, Zambia (GZMLU)
Localization zone

London, England
Johannesburg, South Africa*
See ingress/egress range for GZAJB and GZASO

109.68.57.224/27
199.19.254.112/28 - NEW - June 27, 2024

Maputo, Mozambique (GMZMA)
Localization zone
London, England
Johannesburg, South Africa*
See ingress/egress range for GZAJB and GZASO

109.68.57.160/27
199.19.254.80/28 - NEW - June 27, 2024

Nairobi, Kenya (GKENA)
Localization zone
London, England
Johannesburg, South Africa*
See ingress/egress range for GZAJB and GZASO

109.68.57.64/27
199.19.254.32/28 - NEW - June 27, 2024

Port Louis, Mauritius (GMUPL)
Localization zone
London, England
Johannesburg, South Africa*
See ingress/egress range for GZAJB and GZASO

109.68.57.128/27
199.19.254.64/28 - NEW - June 27, 2024

Rabat, Morocco (GMARA)
Localization zone
Zurich, Switzerland
Madrid, Spain (new)*
See ingress/egress range for GESTO

199.116.175.48/28

Tunis, Tunisia (GTNTU)
Localization zone

Milan, Italy

See ingress/egress range for GITMO

34.154.50.192/27

Windhoek, Namibia (GNAWI)
Localization zone
London, England
Johannesburg, South Africa*
See ingress/egress range for GZAJB and GZASO

109.68.57.192/27
199.19.254.96/28 - NEW - June 27, 2024

* The compute region will change on the designated date.

 

POP Types

Compute POP - Otherwise known as a data center, a point of presence that contains physical compute infrastructure.

Localization Zones - Provide an improved user experience by localizing content requests for countries where there is no Cloud SWG compute POP.

Dedicated IP Sites

The Dedicated IPs feature is a cloud-native solution where Broadcom provides tenant-dedicated IPs in Cloud SWG data centers.  The sites that host dedicated IPs are denoted in the table above with the "Dedicated IP sites"  label below the site location and codename.

 

Additional Information

The Cloud SWG service now has a service points URL that can be used to retrieve our IP address space for all hosts, including the Portal, authentication, PFMS, CTC and so forth.  The service points URL is https://servicepoints.threatpulse.com/ and is a JSON formatted document.  Please note that the auth connector (aka bcca.exe) connects to IP addresses within the egress IP address range.

IMPORTANT NOTE:  The service points URL https://servicepoints.threatpulse.com/ will be deprecated on September 1, 2024.  The new service points URL is https://servicepoints.threatpulse.com/api/v2/full and is live now.  The data formatting has changed.  To avoid any interruptions, please review the changes in the files and start using the new URL as soon as possible.  The service points URL was announced on May 29, 2024.  To see the announcement, please click here.