Web Security Service Announcement - Capacity Expansion for Sao Paulo (GBRSP) Data Center

6 hours
Complete
Complete

An update to the Sao Paulo (GBRSP) data center migration has been issued. You can find the updated information below.

https://wss.status.broadcom.com/incidents/31bnstz8ds24

Update

Please note: The time of this maintenance has been rescheduled to start on April 23, 2020, at 20:00 UTC and will last up to 6 hours.

New Schedule

  • Start Date: April 23, 2020, at 20:00 UTC
  • End Date: April 24, 2020, at 02:00 UTC

  • Scheduled

    As part of the previously announced migration to Google Cloud Platform (GCP), additional capacity will be added to the Sao Paulo, Brazil (GBRSP) site on April 23, 2020 starting at 20:00 UTC. This maintenance will last up to 6 hours.

    Impact No impact to WSS traffic is expected during the maintenance window.

    At the conclusion of the maintenance, all Unified Agent, WSSA, and Symantec Endpoint Protection Web Traffic Redirector (SEP-WTR) for the Sao Paulo, Brazil (GRU1) site will be processed in the new GCP Sao Paulo (GBRSP) site. The IP addresses for sep-wtr.threatpulse.net, proxy.threatpulse.net, and ep.threatpulse.net for Sao Paulo traffic will also change as a part of this migration as described in more detail in the Required Action section below.

    IPSec traffic will not be moved to the Sao Paulo (GBRP) site as part of this maintenance. Customers will need to move IPSec and any other traffic using the Sao Paulo (GRU1) ingress IP to the new Sao Paulo (GBRSP) IPSec ingress IP listed below by April 30, 2020 as previously announced.

    The ingress IP address for IPSec access for Sao Paulo (GBRSP) will be:

    34.95.130.164 (Existing address, no change should be required)

    The ingress IP addresses for all other access methods for Sao Paulo (GBRSP) will be:

    34.95.130.164 (New ingress address, change may be required) 34.95.146.164 (New ingress address, change may be required) 34.95.225.164 (New ingress address, change may be required)

    The egress network IP ranges for Sao Paulo (GBRSP) will be:

    34.95.130.0/24 (New range, change may be required) 34.95.146.0/24 (New range, change may be required) 34.95.225.0/24 (New range, change may be required)

    Required Action If end user connectivity to WSS is regulated by stringent firewall rules, those firewall rules should be adjusted to allow traffic to pass to the ingress and egress IP networks listed above prior to the maintenance window. In addition, any third party application provider who regulates connections by source IP should be updated to accept connections from the ingress and egress IP networks listed above to ensure WSS traffic passes unencumbered.

    IPSec: Customers should bring up their secondary tunnel prior during the maintenance window.

    Unified Agent and WSS Agent: Firewall rules may need to be updated as described above to allow the new ingress and egress addresses. Customer traffic will be automatically redirected by Symantec to the nearest alternate site during the maintenance window.

    Symantec Endpoint Protection Web Traffic Redirector (SEP-WTR): The underlying IP address for sep-wtr.threatpulse.net will be updated as part of this migration. Firewall rules will need to be updated as described above to allow the new ingress and egress addresses. Customer traffic will be automatically redirected by Symantec to the nearest alternate site during the maintenance window.

    Explicit proxy and proxy forwarding: The underlying IP address for proxy.threatpulse.net will change as a part of this migration. Firewall rules will need to be updated as described above to allow the new ingress and egress addresses. Customers directing traffic to proxy.threatpulse.net will be automatically redirected by Symantec to the nearest alternate site during the maintenance window..

    Explicit over IPSec (“trans-proxy”): The underlying IP address for ep.threatpulse.net will change as part of this migration. Firewall rules will need to be updated as described above to allow the new ingress and egress addresses. Customers that use explicit proxy through IPSec to ep.threatpulse.net should take the same action as IPSec customers and bring up their secondary tunnel during the maintenance.

    Others: Any customer, regardless of connection method, with a configuration pointing to a specific site or IP address must manually failover to a secondary site during the migration window to avoid an outage.

    Please visit these KB articles for a full list of IP networks used by WSS: Worldwide data center IP addresses: https://knowledge.broadcom.com/external/article?legacyId=TECH242979 Authentication IP addresses: https://knowledge.broadcom.com/external/article?legacyId=TECH240889

    Questions? Please visit this KB article for additional details on the Web Security Service Migration to Google Cloud Platform: https://knowledge.broadcom.com/external/article?legacyId=tech257356

    If you have further questions regarding this announcement, contact Technical Support. Support information is located at: https://support.broadcom.com/security

    Original Schedule • Start Date: April 22, 2020, at 20:00 UTC • End Date: April 23, 2020, at 02:00 UTC

    Began at:

    Affected components