Cloud SWG POP Upgrade: Madrid, Ghana, Morocco, Nigeria, Portugal, Senegal

We are pleased to announce that the Madrid Localization Zone (GESMA) will be upgraded to a compute point-of-presence (POP) in Madrid. The new POP, GESTO, is engineered to service customers in Spain and the surrounding region. GESTO is hosted in the new Google Cloud region europe-southwest1 in Madrid and will be available on May 1, 2024.

Additionally, as part of this upgrade, the Localization Zones for Ghana, Morocco, Nigeria, Portugal and Senegal will be moved to europe-southwest1.

What are Localization Zones?

Localization Zones allow Cloud SWG to request content using IP addresses that match the country of the end user when there is no compute POP in the user’s country. This gives content providers the ability to return content in the optimal language for the user, better matching their native web experience. Please note that content providers choose whether or not to localize their content and what localizations they support.

Impact

This upgrade requires some IP changes, please carefully review the information below to avoid disruption of service.

New POP GESTO General Availability Date: May 1, 2024

GESMA Decommission Date: May 29, 2024

Ingress IP Addresses:

199.19.249.164 - NEW May 1, 2024 (GESTO)
185.180.48.164 - TO BE RETIRED May 29, 2024 (existing GESMA ingress IP address)

Egress IP Addresses:

199.19.249.0/24 - NEW May 1, 2024 (GESTO)
185.180.48.0/24 - TO BE RETIRED May 29, 2024 (existing GESMA egress IP range)
185.180.51.0/24 - TO BE RETIRED May 29, 2024 (existing GESMA egress IP range)

The Localization Zones for Ghana, Morocco, Nigeria, Portugal and Senegal will use the following new egress IP addresses:

Ghana
- 199.116.175.32/28 - NEW May 1, 2024
- 46.235.158.0/27 - TO BE RETIRED May 1, 2024
Morocco
- 199.116.175.48/28 - NEW May 1, 2024
- 46.235.158.32/27 - TO BE RETIRED May 1, 2024
Nigeria
- 199.116.175.64/28 - NEW May 1, 2024
- 46.235.158.64/27 - TO BE RETIRED May 1, 2024
Portugal
- 199.116.175.80/28 -NEW May 1, 2024
- 46.235.158.96/27 - TO BE RETIRED May 1, 2024
Senegal
- 199.116.175.96/28 - NEW May 1, 2024
- 46.235.157.96/27 -TO BE RETIRED May 1, 2024

Required Action

Prior to the General Availability Date: May 1, 2024

Firewall rules regulating connectivity to/from your network to Cloud SWG should be adjusted to allow traffic to pass to the NEW IP networks listed above.
Third party applications that regulate connections by source IP address should be updated to accept connections from the NEW egress IP networks listed above to ensure traffic proxied through Cloud SWG can reach the application.
Auth Connector must be able to communicate with all egress ranges listed above on TCP 443, where applicable.

Failure to make these changes could prevent users from connecting to Cloud SWG, accessing third party web applications, or authenticating against the service using the Auth Connector (where applicable).

IPsec: Customers must update their tunnel configurations to point to the NEW ingress IP address before May 29, 2024. This change can be made after May 1, 2024.
WSS Agent, Symantec Enterprise Agent: Traffic from all supported agents will be automatically directed to the new POP where appropriate. No action is required.
Explicit proxy, proxy forwarding: Customers directing traffic to proxy.threatpulse.net will be automatically redirected to the new POP. No customer action is required.
Regardless of the connection method, any configuration pointing to a specific POP hostname or IP address (not recommended) must be manually switched to the new POP prior to the decommissioning date to avoid an outage.

Please visit this KB article for a full list of IP networks used by Cloud SWG.

Technical Support

Experiencing issues? Contact technical support by visiting here.

For service status and maintenance updates visit and subscribe to Broadcom Service Status.

Find Your Subscription

Subscribe to Status Updates