Cloud SWG: High Risk Isolation Initial Tenants Migration

Monday, 22 July 23 hours and 59 minutes
Complete
Complete

The maintenance is now complete. Thanks for your patience.

Underway

The scheduled maintenance is now underway. We'll keep you updated on our progress.

Scheduled

Beginning July 22, 2024, Broadcom will initiate a series of maintenance events to transition the majority of High Risk Isolation Cloud SWG tenants based on Symantec Web Protection to the new consolidated SWG view within the Threat Protection rules page. The per-tenant basis rollout is planned for a period of four weeks, with an expected completion date of August 22.

This update provides an enhancement to how High Risk Isolation (HRI) policy can be managed and enforced as part of the existing Cloud SWG policies.

When HRI is enabled, the Cloud SWG portal includes HRI rules within the Threat Protection layer. You can now have full visibility into the HRI logic, and can combine the isolation decisions with your existing Threat Protection rules.

After the policy is activated, network traffic is subject to HRI rules as part of the consolidated Cloud SWG policy.

For more information, see the Consolidated SWG Policy: High Risk Isolation documentation.

Impact

  • Portal-managed (non-UPE), Symantec Web Protection tenants (not including Network Protection or tenants with the Full Web Isolation add-on) will be migrated. Tenants must have one of the following policy configurations:
    • Web Isolation layer is disabled (HRI is not used)
    • Web Isolation layer is enabled, and no “Do not isolate” rule exists
      • In addition, the Threat Protection layer does not include:
        • “Allow” rules
        • “Block unless isolated” rules above “block” rules

All other WPS tenants will be targeted in a future release.

  • Current tenant behavior is preserved as part of the migration:
    • Customers with the Web Isolation layer currently disabled will be migrated to an updated policy in which HRI is disabled.
    • Customers with the Web Isolation layer currently enabled will be migrated to an updated policy in which HRI is enabled.
  • Policy updates:
    • HRI rules are managed natively in the Threat Protection policy layer.
    • All Cloud SWG policies (Threat Protection, Content Filtering, and so on) will be enforced on isolated traffic as well.
    • To preserve the current behavior, “Block unless isolated” rules will be converted to “Block” rules below the new High Risk Isolation rules.

Required Action

  • After your tenant has been migrated, click Activate Policy to apply the migration change.
  • Review the new feature documentation and become familiar with how you can use it to better protect the end users and enforce your customized policy.
  • Not using HRI yet? It is very easy to start.

Support

Questions? Contact technical support by visiting: https://support.broadcom.com/security.

For service status and maintenance updates visit and subscribe to Broadcom Service Status: https://status.broadcom.com

Began at:

Affected components
  • Cloud Secure Web Gateway
    • Point of Presence (POP) - Americas
      • Buenos Aires, Argentina (GARBA)
      • Columbia, South Carolina (GUSCO)
      • Dallas, Texas (GUSDA)
      • Des Moines, Iowa (GUSDM)
      • Las Vegas, Nevada (GUSLV)
      • Los Angeles, California (GUSLA)
      • Mexico City, Mexico (GMXMC)
      • Montreal, Canada (GCAMO)
      • Portland, Oregon (GUSPO)
      • Sao Paulo, Brazil (GBRSP)
      • Toronto, Canada (GCATO)
      • Washington, DC (GUSAS)
      • Bogota, Colombia (GCOBO)
    • Point of Presence (POP) - APAC
      • Auckland, New Zealand (GNZAU)
      • Bangkok, Thailand (GTHBA)
      • Beijing, China (ACNBJ)
      • Delhi, India (GINDE)
      • Hanoi, Vietnam (GVNHA)
      • Hong Kong (GCNHK)
      • Islamabad, Pakistan (GPKIS)
      • Jakarta, Indonesia (GIDJK)
      • Kuala Lumpur, Malaysia (GMYKL)
      • Manila, Philippines (GPHMA)
      • Melbourne, Australia (GAUME)
      • Mumbai, India (GINMU)
      • Osaka, Japan (GJPOS)
      • Seoul, South Korea (GKRSE)
      • Shanghai, China (ACNSH)
      • Singapore (GSGRS)
      • Sydney, Australia (GAUSY)
      • Taipei, Taiwan (GTWTA)
      • Tokyo, Japan (GJPTK)
    • Point of Presence (POP) - Europe And The Middle East
      • Abu Dhabi, UAE (GAEAD)
      • Amsterdam, the Netherlands (GNLAM)
      • Ankara, Turkey (GTRAN)
      • Athens, Greece (GGRAT)
      • Brussels, Belgium (GBEBR)
      • Bucharest, Romania (GROBU)
      • Copenhagen, Denmark (GDKCP)
      • Dover, England (GGBDO)
      • Dubai, UAE (GAEDX)
      • Dublin, Ireland (GIEDU)
      • Frankfurt, Germany (GDEFR)
      • Helsinki, Finland (GFIHE)
      • Lisbon, Portugal (GPTLI)
      • London, England (GGBLO)
      • Madrid, Spain (GESTO) ( Previously Madrid, Spain (GESMA))
      • Manama, Bahrain (GBHMA)
      • Milan, Italy (GITMI)
      • Milan, Italy (GITMO)
      • Nicosia, Cyprus (GCYNI)
      • Oslo, Norway (GNOOS)
      • Paris, France (GFRPA) / Paris, France (GFRVE)
      • Riyadh, Saudi Arabia (GSARI)
      • Stockholm, Sweden (GSESK)
      • Tel Aviv, Israel (GILTA)
      • Valletta, Malta (GMTVA)
      • Vienna, Austria (GATVI)
      • Warsaw, Poland (GPOWA)
      • Zurich, Switzerland (GCHZU)
      • Ljubljana, Slovenia (GSILJ)
      • Zagreb, Croatia (GHRZA)
      • Belgrade, Serbia (GRSBE)
      • Tallinn, Estonia (GEETA1)
      • Vilnius, Lithuania(GLTVI)
      • Riga, Latvia (GLVRI)
      • Dammam, Saudi Arabia (GSADA)
    • Point of Presence (POP) - Africa
      • Abuja, Nigeria (GNGAB)
      • Accra, Ghana (GGHAC)
      • Algiers, Algeria (GDZAL)
      • Cairo, Egypt (GEGCA)
      • Dakar, Senegal (GSNDA)
      • Gaborone, Botswana (GBWGA)
      • Harare, Zimbabwe (GZWHA)
      • Johannesburg, South Africa GZASO (Previously Johannesburg GZAJB)
      • Lilongwe, Malawi (GMWLI)
      • Luanda, Angola (GAOLU)
      • Lusaka, Zambia (GZMLU)
      • Maputo, Mozambique (GMZMA)
      • Nairobi, Kenya (GKENA)
      • Port Louis, Mauritius (GMUPL)
      • Rabat, Morocco (GMARA)
      • Tunis, Tunisia (GTNTU)
      • Windhoek, Namibia (GNAWI)