CANCELLED: Cloud SWG POP Upgrade: Milan (GITMI1, GITMO1)

The Milan Localization Zone maintenance window has been cancelled. We are working on an updated schedule and a new notification will be issued once a revised schedule is finalized.

Note: The previously communicated existing IP ranges will not be retired on November 15 or November 22, 2023.

Update

There has been a change in the upgrade schedule. Please take a note of the following new dates:

New POP GITMO1 General Availability Date: November 2, 2023 GITMI1, GITMI11 Decommission Date: November 22, 2023

We are pleased to announce that the Milan Localization Zone (GITMI1) will be upgraded to a compute point-of-presence (POP) in Milan. The new POP, GITMO1, is engineered to service customers in Italy and the surrounding region. GITMO1 uses the new Google Cloud region europe-west8 in Milan. It will be available on October 25, 2023.

Carefully review the information below to avoid disruption of service.

New POP GITMO1 General Availability Date: October 25, 2023 GITMI1, GITMI11 Decommission Date: November 15, 2023

Ingress IP Addresses (all Access Methods):

• 185.180.49.164 - NEW October 25, 2023 (GITMO1)
• 46.235.159.164 - TO BE RETIRED November 15, 2023 (existing GITMI1 ingress IP address)
• 148.64.10.164 - TO BE RETIRED November 15, 2023 (existing GITMI11 ingress IP address)

Egress IP Addresses:

• 185.180.49.0/24 - NEW October 25, 2023 (GITMO1)
• 46.235.159.0/24 - TO BE RETIRED November 15, 2023 (existing GITMI1 egress IP range)
• 148.64.10.0/24 - TO BE RETIRED November 15, 2023 (existing GITMI11 egress IP range)

Required Action

Prior to the decommission date:

• Firewall rules regulating connectivity to/from your network to Cloud SWG should be adjusted to allow traffic to pass to the NEW IP network listed above.
• Third party applications that regulate connections by source IP address should be updated to accept connections from the NEW egress IP networks listed above to ensure traffic proxied through Cloud SWG can reach the application.
• Auth Connector must be able to communicate with all egress ranges listed above on TCP 443, where applicable.

Failure to make these changes could prevent users from connecting to Cloud SWG, accessing third party web applications, or authenticating against the service using the Auth Connector (where applicable).

• IPsec: Customers must update their tunnel configurations to point to the NEW ingress IP address before November 15, 2023. This change can be made after October 25, 2023.
• WSS Agent, SEP Agent: Agent traffic will be automatically redirected to the new POP. No customer action is required.
• Explicit proxy and proxy forwarding: Customers directing traffic to proxy.threatpulse.net will be automatically redirected to the new POP. No customer action is required.
• Regardless of the connection method, any configuration pointing to a specific POP hostname or IP address (not recommended) must be manually switched to the new POP prior to the decommissioning date to avoid an outage.

Please visit this KB article for a full list of IP networks used by Cloud SWG: https://knowledge.broadcom.com/external/article?legacyId=TECH242979

Technical Support

Experiencing issues? Contact technical support by visiting: https://support.broadcom.com/security.

For service status and maintenance updates visit and subscribe to Broadcom Service Status: https://status.broadcom.com.