Cloud SWG Announcement: Washington, DC (GUSAS) POP Failover Testing

1 day and 12 hours
Complete
Complete

The maintenance is now complete. Thanks for your patience.

Underway

The scheduled maintenance is now underway. We'll keep you updated on our progress.

Scheduled

The Washington, DC (GUSAS) Cloud SWG site will undergo a data center failover test beginning on September 24, 2024 starting at 23:00 UTC, lasting for a duration of up to 36 hours. Failover testing is conducted on a regular basis to ensure the platform can gracefully handle a real outage. Carefully review the information below to avoid disruption of service.

Timing

  • Failover : September 24, 2024 at 23:00 UTC
  • Failback : September 25, 2024 at 23:00 UTC

Impact

The following describes what happens to connected clients during the testing window, based on access method:

  • WSS Agent and SEP Agent: The service automatically redirects connections to alternate infrastructure within the same geographic location during the testing window.
  • No other connection methods will be impacted.
  • WSS Agent status window will display the data center name as UNK (ip_address) by design. Browsing to pod.threatpulse.com will display the data center name.

Cloud SWG Washington (GUSAS) egress IP ranges (provided for convenience; there are no changes):

  • 168.149.146.0/24
  • 168.149.143.0/24
  • 168.149.144.0/24
  • 168.149.151.0/24

Cloud SWG Des Moines (GUSDM) egress IP ranges (provided for convenience; there are no changes):

  • 199.247.45.0/24
  • 199.247.32.0/24
  • 199.247.33.0/24
  • 199.247.44.0/24
  • 199.116.169.0/24
  • 199.116.170.0/24
  • 148.64.31.0/24

Please reference this KB article for all Cloud SWG data center IP ranges.

Required Action

Prior to September 24, 2024, please ensure that your agents can connect to any Cloud SWG data center to maximize failover opportunities. Although most agents will fail over to Melbourne, some may failover to other data centers for various reasons. Failure to make these changes could prevent users from connecting to Cloud SWG, accessing third party web applications, or authenticating against the service using the Auth Connector (where applicable).

  • Firewall rules regulating connectivity to/from your network to Cloud SWG should be adjusted to allow traffic to pass to the IP networks listed in the KB article above.
  • Third party applications that regulate connections by source IP address should be updated to accept connections from the IP networks in the KB article above to ensure traffic proxied through Cloud SWG can reach the applications.
  • Auth Connector must be able to communicate with all IP ranges listed in the KB article above, on TCP 443, where applicable.

Technical Support

Experiencing issues? Contact technical support by visiting: https://support.broadcom.com/security.

For service status and maintenance updates visit and subscribe to Broadcom Service Status.

Began at:

Affected components