CANCELLED: Cloud SWG POP Upgrade: Madrid (GESMA1, GESTO1)

1 day
Complete
Complete

The Madrid Localization Zone maintenance window has been cancelled. We are working on an updated schedule and a new notification will be issued once a revised schedule is finalized.

Note: The previously communicated existing IP ranges will not be retired on November 15 or November 22, 2023.

Scheduled

Update

There has been a change in the upgrade schedule. Please take a note of the following new dates:

New POP GESTO1 General Availability Date: November 2, 2023 GESMA1, GESMA11 Decommission Date: November 22, 2023

Scheduled

We are pleased to announce that the Madrid Localization Zone (GESMA1) will be upgraded to a compute point-of-presence (POP) in Madrid. The new POP, GESTO1, is engineered to service customers in Spain and the surrounding region. GESTO1 uses the new Google Cloud region europe-southwest1 in Madrid. It will be available on October 25, 2023.

Carefully review the information below to avoid disruption of service.

New POP GESTO1 General Availability Date: October 25, 2023

GESMA1, GESMA11 Decommission Date: November 15, 2023

Ingress IP Addresses (all Access Methods):

  • 168.149.147.164 - NEW October 25, 2023 (GESTO1)
  • 185.180.48.164 - TO BE RETIRED November 15, 2023 (existing GESMA1 ingress IP address)
  • 185.180.51.164 - TO BE RETIRED November 15, 2023 (existing GESMA11 ingress IP address)

Egress IP Addresses:

  • 168.149.147.0/24 - NEW October 25, 2023 (GESTO1)
  • 185.180.48.0/24 - TO BE RETIRED November 15, 2023 (existing GESMA1 egress IP range)
  • 185.180.51.0/24 - TO BE RETIRED November 15, 2023 (existing GESMA11 egress IP range)

Required Action

Prior to the decommission date:

  • Firewall rules regulating connectivity to/from your network to Cloud SWG should be adjusted to allow traffic to pass to the NEW IP network listed above.
  • Third party applications that regulate connections by source IP address should be updated to accept connections from the NEW egress IP networks listed above to ensure traffic proxied through Cloud SWG can reach the application.
  • Auth Connector must be able to communicate with all egress ranges listed above on TCP 443, where applicable.

Failure to make these changes could prevent users from connecting to Cloud SWG, accessing third party web applications, or authenticating against the service using the Auth Connector (where applicable).

  • IPsec: Customers must update their tunnel configurations to point to the NEW ingress IP address before November 15, 2023. This change can be made after October 25, 2023.
  • WSS Agent, SEP Agent: Agent traffic will be automatically redirected to the new POP. No customer action is required.
  • Explicit proxy and proxy forwarding: Customers directing traffic to proxy.threatpulse.net will be automatically redirected to the new POP. No customer action is required.
  • Regardless of the connection method, any configuration pointing to a specific POP hostname or IP address (not recommended) must be manually switched to the new POP prior to the decommissioning date to avoid an outage.

Please visit this KB article for a full list of IP networks used by Cloud SWG.

Technical Support

Experiencing issues? Contact technical support by visiting here.

For service status and maintenance updates visit and subscribe to Broadcom Service Status.

Began at:

Affected components
  • Cloud Secure Web Gateway
    • Point of Presence (POP) - Europe And The Middle East
      • Madrid, Spain (GESTO) ( Previously Madrid, Spain (GESMA))