Cloud SWG: London (GGBLO) Data Center Failover Testing

1 day and 12 hours
Complete
Complete

The maintenance is now complete. Thanks for your patience.

Underway

The scheduled maintenance is now underway. We'll keep you updated on our progress.

Update

Update

For this upcoming failover testing, we will conduct the failover/failback test only once during the maintenance window. We will begin the failover process on February 6, 2024 at 20:00 UTC and then on February 7, 2024 at 20:00 UTC, we will begin the failback process.

Scheduled

The London, UK (GGBLO) Cloud SWG site will undergo a data center failover test beginning on February 6,2024 starting at 20:00 UTC, lasting for a duration of up to 36 hours. Failover testing is conducted on a regular basis to ensure the platform can gracefully handle a real outage. Carefully review the information below to avoid disruption of service.

Impact

The following describes what happens to connected clients during the testing window, based on access method:

  • WSS Agent and SEP Agent: The service automatically redirects connections to alternate infrastructure (likely Dover - GGBDO) during the testing window.
  • No other connection methods will be impacted.

Cloud SWG Dover (GGBDO) egress IP ranges (provided for convenience; there are no changes):

  • 109.68.59.0/24
  • 109.68.60.0/24
  • 109.68.61.0/24
  • 109.68.62.0/24

Please reference this KB article for all Cloud SWG data center IP ranges:

https://knowledge.broadcom.com/external/article/167174/web-security-service-wss-ingress-and-egr.html

Required Action

Prior to February 6,2024, please ensure that your agents can connect to any Cloud SWG data center to maximize failover opportunities. Although most agents will fail over to Dover, some may failover to other data centers for various reasons. Failure to make these changes could prevent users from connecting to Cloud SWG, accessing third party web applications, or authenticating against the service using the Auth Connector (where applicable).

  • Firewall rules regulating connectivity to/from your network to Cloud SWG should be adjusted to allow traffic to pass to the IP networks listed in the KB article above.
  • Third party applications that regulate connections by source IP address should be updated to accept connections from the IP networks in the KB article above to ensure traffic proxied through Cloud SWG can reach the applications.
  • Auth Connector must be able to communicate with all IP ranges listed in the KB article above, on TCP 443, where applicable.

Technical Support

Experiencing issues? Contact technical support by visiting: https://support.broadcom.com/security.

For service status and maintenance updates visit and subscribe to Broadcom Service Status: https://status.broadcom.com/services/cloud-secure-web-gateway.

Began at:

Affected components