WSS POP Replacement Announcement Toronto (GCATO1, GCATO2)

Duration: 23 hours and 59 minutes
Complete
Complete
After 1 month, 2 weeks, 3 days, and 52 minutes

The Toronto (GCATO1, GCATO2) WSS POP maintenance window has been rescheduled. We have worked on an updated schedule and a new notification will be issued shortly with complete details.

Underway
After 1 month, 2 weeks, 2 days, 2 hours, and 8 minutes

The scheduled maintenance is now underway. We'll keep you updated on our progress.

Scheduled
After 3 weeks, 6 days, 21 hours, and 5 minutes

Please take a note of the following date changes:

New POP GCATO2 General Availability Date: May 12, 2022 GCATO1 Decommission Date: June 12, 2022

Scheduled

The Symantec Web Security Service team is pleased to announce a new point-of-presence (POP) in Toronto, Canada. The POP is engineered to service customers in the Toronto region and is taking advantage of the new Toronto Google Cloud region. It will be available on April 25, 2022.

As a result, Symantec will decommission the current Toronto Localization Zone, GCATO1, which is hosted in the Montreal Google Cloud region. The decommission will occur on May 25, 2022.

Carefully review the information below to avoid disruption of service.

New POP GCATO2 General Availability Date: April 25, 2022 GCATO1 Decommission Date: May 25, 2022

Ingress IP Addresses (all Access Methods): • 168.149.130.164 - NEW APRIL 8, 2022 (GCATO2) • 168.149.162.164 - TO BE RETIRED MAY 25, 2022 (existing GCATO1 ingress IP address)

Egress IP Addresses: • 168.149.130.0/24 - NEW APRIL 25, 2022 (GCATO2) • 168.149.131.0/24 - NEW APRIL 25, 2022 (GCATO2) • 168.149.162.0/24 - TO BE RETIRED MAY 6, 2022 (existing GCATO1 egress IP range)

Required Action Prior to the decommission date:

• Firewall rules regulating connectivity to/from your network to WSS should be adjusted to allow traffic to pass to the NEW IP network listed above. • Third party applications that regulate connections by source IP address should be updated to accept connections from the NEW egress IP networks listed above to ensure traffic proxied through WSS can reach the application. • Auth Connector must be able to communicate with all egress ranges listed above on TCP 443, where applicable.

Failure to make these changes could prevent users from connecting to WSS, accessing third party web applications, or authenticating against the service using the Auth Connector (where applicable).

• IPsec: Customers must update their tunnel configurations to point to the NEW ingress IP address before May 25, 2022. This change can be made after April 25, 2022. • WSS Agent, SEP Agent: Agent traffic will be automatically redirected to the new POP. No customer action is required. • Explicit proxy and proxy forwarding: Customers directing traffic to proxy.threatpulse.net will be automatically redirected to the new POP. No customer action is required. • Regardless of the connection method, any configuration pointing to a specific POP hostname or IP address (not recommended) must be manually switched to the new POP prior to the decommissioning date to avoid an outage.

Please visit this KB article for a full list of IP networks used by WSS: https://knowledge.broadcom.com/external/article?legacyId=TECH242979

Technical Support Experiencing issues? Contact technical support by visiting: https://support.broadcom.com/security.

For service status and maintenance updates visit and subscribe to Broadcom Service Status: https://wss.status.broadcom.com.

Began at:

Affected components