Web Security Service Announcement - Capacity Expansion Tokyo (GJPTK) IP network
The scheduled maintenance has been completed.
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Web Security Service will add capacity in the Tokyo (GJPTK) data center on July 2, 2020, starting at 14:00 UTC. This maintenance will last up to 8 hours.
As part of the maintenance activities a new egress IP network will be deployed in this site.
The new egress network IP range is:
170.176.244.0/24
Impact No impact is expected during the maintenance.
At the conclusion of the maintenance, content providers and customers will see connections from the new IP space when the new egress network range goes live. Traffic for all access methods may be processed using the new egress network IP range in addition to any other ranges already in use at this site. The ingress IP addresses for the site will not change.
Please visit these KB articles for a full list of IP networks used by WSS including the new addresses being communicated in this service announcement:
Required Action If end user connectivity to WSS is regulated by stringent firewall rules, those firewall rules should be adjusted to allow traffic to pass to and from the egress IP network listed above prior to the maintenance window. In addition, any third party application provider who regulates connections by source IP should be updated to accept connections from the egress IP network listed above to ensure WSS traffic passes unencumbered.
Explicit over IPsec (“trans-proxy”): The underlying IP address for ep.threatpulse.net will NOT change as part of this migration.
The access methods below all require firewall changes. The following use case demonstrates why these access methods require firewall changes:
Use case: Group-based policies and authentication: Even in the case where users may be roaming and not coming from the same location, group based policies could fail if the auth connector cannot communicate with these new egress IP addresses.
It is imperative that the firewall whitelist access to these egress IP addresses to avoid problems.
Unified Agent and WSS Agent: Firewall rules will need to be updated as described above to allow the new egress addresses.
Symantec Endpoint Protection Web Traffic Redirector (SEP-WTR): The underlying IP address for sep-wtr.threatpulse.net will not change as part of this migration. Firewall rules will need to be updated as described above to allow the new egress addresses.
Explicit proxy and proxy forwarding: The underlying IP address for proxy.threatpulse.net will not change as a part of this migration. Firewall rules will need to be updated as described above to allow the new egress addresses.
Questions? If you have further questions regarding this announcement, contact Technical Support. Support information is located at: https://support.broadcom.com/security
For real time updates and status visit and subscribe to Broadcom Service Status: https://wss.status.broadcom.com
Schedule
-
Cloud Secure Web Gateway
-
Point of Presence (POP) - APAC
- Tokyo, Japan (GJPTK)
-
Point of Presence (POP) - APAC
Find Your Subscription
We’ll find your subscription and send you a link to login to manage your preferences.
Check Your Inbox
We’ve found your existing subscription and have emailed you a secure link to manage your preferences.
Subscribe to Status Updates
We’ll use your email to save your preferences so you can update them later.
-
Email{{ value }}
-
Text Message{{ value }}
-
Slack
-
Microsoft Teams{{ value }}
-
Google Chat
Subscribe to other services using the bell icon on the subscribe button on the status page.
Unsubscribe Completely?
You’ll no long receive any status updates from Broadcom Service Status, are you sure?
{{ error }}
You’re Unsubscribed!
We’ll no longer send you any status updates about Broadcom Service Status.