Web Security Service Announcement - Mumbai Data Center Migration

12 hours
Complete
Complete

The scheduled maintenance has been completed.

Underway

Scheduled maintenance is currently in progress. We will provide updates as necessary.

Update

Update on Upcoming Scheduled Maintenance Notice

This notice contains important information on required actions that have not been previously communicated.

As part of the previously announced migration to Google Cloud Platform (GCP), the Mumbai, India WSS site will be migrated on April 20, 2020, starting at 13:30 UTC. This maintenance will last up to 12 hours.

At the conclusion of the maintenance, all WSS traffic for the Mumbai site will be processed in the new GCP-based POP designated Mumbai, India (GINMU).

The ingress IP address for IPSec access for Mumbai (GINMU) will be:

148.64.4.164 (Existing address, no change should be required)

The ingress IP addresses for all other access methods for Mumbai (GINMU) will be:

148.64.4.164 (Existing address, no change should be required) 148.64.5.164 (New ingress address, change may be required) 34.93.162.164 (New ingress address, change may be required)
34.93.66.164 (New ingress address, change may be required) 34.93.160.164 (New ingress address, change may be required)

The egress network IP ranges for Mumbai (GINMU) will be:

148.64.4.0/24 (Existing range, no change should be required) 148.64.5.0/24 (Existing range, no change should be required) 34.93.162.0/24 (New range announced 3/23, change may be required) 34.93.66.0/24 (New range announced 4/14, change may be required) 34.93.160.0/24 (New range announced 4/14, change may be required)

Impact Expect the site to be completely unavailable during the maintenance window.

Required Action If end user connectivity to WSS is regulated by stringent firewall rules, those firewall rules should be adjusted to allow traffic to pass to the ingress and egress IP networks listed above prior to the maintenance window. In addition, any third party application provider who regulates connections by source IP should be updated to accept connections from the ingress and egress IP networks listed above to ensure WSS traffic passes unencumbered.

IPSec: Customers should bring up their secondary tunnel prior during the maintenance window.

Unified Agent and WSS Agent: Firewall rules may need to be updated as described above to allow the new ingress and egress addresses. Customer traffic will be automatically redirected by Symantec to the nearest alternate site during the maintenance window.

Symantec Endpoint Protection Web Traffic Redirector (SEP-WTR): The underlying IP address for sep-wtr.threatpulse.net will be updated as part of this migration. Firewall rules will need to be updated as described above to allow the new ingress and egress addresses. Customer traffic will be automatically redirected by Symantec to the nearest alternate site during the maintenance window.

Explicit proxy and proxy forwarding: The underlying IP address for proxy.threatpulse.net will change as a part of this migration. Firewall rules will need to be updated as described above to allow the new ingress and egress addresses. Customers directing traffic to proxy.threatpulse.net will be automatically redirected by Symantec to the nearest alternate site during the maintenance window..

Explicit over IPSec (“trans-proxy”): The underlying IP address for ep.threatpulse.net will change as part of this migration. Firewall rules will need to be updated as described above to allow the new ingress and egress addresses. Customers that use explicit proxy through IPSec to ep.threatpulse.net should take the same action as IPSec customers and bring up their secondary tunnel during the maintenance.

Others: Any customer, regardless of connection method, with a configuration pointing to a specific site or IP address must manually failover to a secondary site during the migration window to avoid an outage.

Please visit these KB articles for a full list of IP networks used by WSS: Worldwide data center IP addresses: https://knowledge.broadcom.com/external/article?legacyId=TECH242979 Authentication IP addresses: https://knowledge.broadcom.com/external/article?legacyId=TECH240889

Questions? Please visit this KB article for additional details on the Web Security Service Migration to Google Cloud Platform: https://knowledge.broadcom.com/external/article?legacyId=tech257356

If you have further questions regarding this announcement, contact Technical Support. Support information is located at: https://support.broadcom.com/security

Schedule

  • Start Date: April 20, 2020, at 13:30 UTC
  • End Date: April 21, 2020, at 01:30 UTC

  • Scheduled

    As part of the previously announced migration to Google Cloud Platform (GCP), the Mumbai, India WSS site will be migrated on April 20, 2020 starting at 13:30 UTC. This maintenance will last up to 12 hours.

    At the conclusion of the maintenance, all WSS traffic for the Mumbai site will be processed in the new GCP-based POP. The ingress and egress network IP addresses for the Mumbai site will remain unchanged.

    Impact Expect the site to be completely unavailable during the maintenance window.

    Required Action IPSec: Customers should bring up their secondary tunnel prior during the maintenance window.

    Unified Agent and WSS Agent: No customer action is required. Customer traffic will be automatically redirected by Symantec to the nearest alternate site during the maintenance window.

    Symantec Endpoint Protection Web Traffic Redirector (SEP-WTR): No customer action is required. Customer traffic will be automatically redirected by Symantec to the nearest alternate site during the maintenance window. The underlying IP address for sep-wtr.threatpulse.net will not change as part of this migration.

    Explicit proxy and proxy forwarding: No customer action is required. Customers directing traffic to proxy.threatpulse.net will be automatically redirected by Symantec to the nearest alternate site during the maintenance window. The underlying IP address for proxy.threatpulse.net will not change as a part of this migration.

    Explicit over IPSec (“trans-proxy”): Customers that use explicit proxy through IPSec to ep.threatpulse.net should take the same action as IPSec customers and bring up their secondary tunnel during the maintenance. The underlying IP address for ep.threatpulse.net will not change as part of this migration.

    Others:Any customer, regardless of connection method, with a configuration pointing to a specific site or IP address must manually failover to a secondary site during the migration window to avoid an outage.

    Please visit these KB articles for a full list of IP networks used by WSS: Worldwide data center IP addresses: https://knowledge.broadcom.com/external/article?legacyId=TECH242979 Authentication IP addresses: https://knowledge.broadcom.com/external/article?legacyId=TECH240889

    Questions? Please visit this KB article for additional details on the Web Security Service Migration to Google Cloud Platform: https://knowledge.broadcom.com/external/article?legacyId=tech257356

    If you have further questions regarding this announcement, contact Technical Support. Support information is located at: https://support.broadcom.com/security

    For real time updates and status visit and subscribe to Broadcom Service Status: https://wss.status.broadcom.com

    Schedule

  • Start Date: April 20, 2020, at 13:30 UTC
  • End Date: April 21, 2020, at 01:30 UTC

  • Began at: