Web Security Service Announcement - Mumbai Data Center Migration
The scheduled maintenance has been completed.
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Update on Upcoming Scheduled Maintenance Notice
This notice contains important information on required actions that have not been previously communicated.
As part of the previously announced migration to Google Cloud Platform (GCP), the Mumbai, India WSS site will be migrated on April 20, 2020, starting at 13:30 UTC. This maintenance will last up to 12 hours.
At the conclusion of the maintenance, all WSS traffic for the Mumbai site will be processed in the new GCP-based POP designated Mumbai, India (GINMU).
The ingress IP address for IPSec access for Mumbai (GINMU) will be:
148.64.4.164 (Existing address, no change should be required)
The ingress IP addresses for all other access methods for Mumbai (GINMU) will be:
148.64.4.164 (Existing address, no change should be required)
148.64.5.164 (New ingress address, change may be required)
34.93.162.164 (New ingress address, change may be required)
34.93.66.164 (New ingress address, change may be required)
34.93.160.164 (New ingress address, change may be required)
The egress network IP ranges for Mumbai (GINMU) will be:
148.64.4.0/24 (Existing range, no change should be required) 148.64.5.0/24 (Existing range, no change should be required) 34.93.162.0/24 (New range announced 3/23, change may be required) 34.93.66.0/24 (New range announced 4/14, change may be required) 34.93.160.0/24 (New range announced 4/14, change may be required)
Impact Expect the site to be completely unavailable during the maintenance window.
Required Action If end user connectivity to WSS is regulated by stringent firewall rules, those firewall rules should be adjusted to allow traffic to pass to the ingress and egress IP networks listed above prior to the maintenance window. In addition, any third party application provider who regulates connections by source IP should be updated to accept connections from the ingress and egress IP networks listed above to ensure WSS traffic passes unencumbered.
IPSec: Customers should bring up their secondary tunnel prior during the maintenance window.
Unified Agent and WSS Agent: Firewall rules may need to be updated as described above to allow the new ingress and egress addresses. Customer traffic will be automatically redirected by Symantec to the nearest alternate site during the maintenance window.
Symantec Endpoint Protection Web Traffic Redirector (SEP-WTR): The underlying IP address for sep-wtr.threatpulse.net will be updated as part of this migration. Firewall rules will need to be updated as described above to allow the new ingress and egress addresses. Customer traffic will be automatically redirected by Symantec to the nearest alternate site during the maintenance window.
Explicit proxy and proxy forwarding: The underlying IP address for proxy.threatpulse.net will change as a part of this migration. Firewall rules will need to be updated as described above to allow the new ingress and egress addresses. Customers directing traffic to proxy.threatpulse.net will be automatically redirected by Symantec to the nearest alternate site during the maintenance window..
Explicit over IPSec (“trans-proxy”): The underlying IP address for ep.threatpulse.net will change as part of this migration. Firewall rules will need to be updated as described above to allow the new ingress and egress addresses. Customers that use explicit proxy through IPSec to ep.threatpulse.net should take the same action as IPSec customers and bring up their secondary tunnel during the maintenance.
Others: Any customer, regardless of connection method, with a configuration pointing to a specific site or IP address must manually failover to a secondary site during the migration window to avoid an outage.
Please visit these KB articles for a full list of IP networks used by WSS: Worldwide data center IP addresses: https://knowledge.broadcom.com/external/article?legacyId=TECH242979 Authentication IP addresses: https://knowledge.broadcom.com/external/article?legacyId=TECH240889
Questions? Please visit this KB article for additional details on the Web Security Service Migration to Google Cloud Platform: https://knowledge.broadcom.com/external/article?legacyId=tech257356
If you have further questions regarding this announcement, contact Technical Support. Support information is located at: https://support.broadcom.com/security
Schedule
As part of the previously announced migration to Google Cloud Platform (GCP), the Mumbai, India WSS site will be migrated on April 20, 2020 starting at 13:30 UTC. This maintenance will last up to 12 hours.
At the conclusion of the maintenance, all WSS traffic for the Mumbai site will be processed in the new GCP-based POP. The ingress and egress network IP addresses for the Mumbai site will remain unchanged.
Impact Expect the site to be completely unavailable during the maintenance window.
Required Action IPSec: Customers should bring up their secondary tunnel prior during the maintenance window.
Unified Agent and WSS Agent: No customer action is required. Customer traffic will be automatically redirected by Symantec to the nearest alternate site during the maintenance window.
Symantec Endpoint Protection Web Traffic Redirector (SEP-WTR): No customer action is required. Customer traffic will be automatically redirected by Symantec to the nearest alternate site during the maintenance window. The underlying IP address for sep-wtr.threatpulse.net will not change as part of this migration.
Explicit proxy and proxy forwarding: No customer action is required. Customers directing traffic to proxy.threatpulse.net will be automatically redirected by Symantec to the nearest alternate site during the maintenance window. The underlying IP address for proxy.threatpulse.net will not change as a part of this migration.
Explicit over IPSec (“trans-proxy”): Customers that use explicit proxy through IPSec to ep.threatpulse.net should take the same action as IPSec customers and bring up their secondary tunnel during the maintenance. The underlying IP address for ep.threatpulse.net will not change as part of this migration.
Others:Any customer, regardless of connection method, with a configuration pointing to a specific site or IP address must manually failover to a secondary site during the migration window to avoid an outage.
Please visit these KB articles for a full list of IP networks used by WSS: Worldwide data center IP addresses: https://knowledge.broadcom.com/external/article?legacyId=TECH242979 Authentication IP addresses: https://knowledge.broadcom.com/external/article?legacyId=TECH240889
Questions? Please visit this KB article for additional details on the Web Security Service Migration to Google Cloud Platform: https://knowledge.broadcom.com/external/article?legacyId=tech257356
If you have further questions regarding this announcement, contact Technical Support. Support information is located at: https://support.broadcom.com/security
For real time updates and status visit and subscribe to Broadcom Service Status: https://wss.status.broadcom.com
Schedule
Find Your Subscription
We’ll find your subscription and send you a link to login to manage your preferences.
Check Your Inbox
We’ve found your existing subscription and have emailed you a secure link to manage your preferences.
Subscribe to Status Updates
We’ll use your email to save your preferences so you can update them later.
-
Email{{ value }}
-
Text Message{{ value }}
-
Slack
-
Microsoft Teams{{ value }}
-
Google Chat
Subscribe to other services using the bell icon on the subscribe button on the status page.
Unsubscribe Completely?
You’ll no long receive any status updates from Broadcom Service Status, are you sure?
{{ error }}
You’re Unsubscribed!
We’ll no longer send you any status updates about Broadcom Service Status.