The Symantec Cloud SWG team is pleased to announce an optimization of our points-of-presence in Shanghai and Beijing to improve connectivity to certain web destinations. As a result, Symantec will decommission the current Shanghai and Beijing designations and IP ranges which will be replaced by new designations and IP ranges, as detailed below. Both old and new POPs are located in the same facilities, so there is no geographic change. We apologize for any inconvenience this may cause.
Carefully review the information below to avoid disruption of service.
- Designations: ACNSH2, ACNBJ2
- General Availability Date: April 10, 2023
POPs Being Decommissioned
- Designations: ACNSH1, ACNBJ1
- Shutdown Date: April 28, 2023
New POP Ingress IP Addresses (all Access Methods):
- 126.96.36.199 - NEW - April 10, 2023 (Shanghai, ACNSH2)
- 188.8.131.52 - NEW - April 10, 2023 (Beijing, ACNBJ2)
Egress IP Addresses:
NEW - April 10, 2023 (ACNSH2)
NEW - April 10, 2023 (ACNBJ2)
TO BE RETIRED AFTER April 28, 2023:
- 184.108.40.206/28 - TO BE RETIRED - After April 28,2023 (ACNSH1)
- 220.127.116.11/28 - TO BE RETIRED - After April 28,2023 (ACNSH1)
- 18.104.22.168/28 - TO BE RETIRED - After April 28,2023 (ACNSH1)
- 22.214.171.124/28 - TO BE RETIRED - After April 28,2023 (ACNSH1)
- 126.96.36.199/28 - TO BE RETIRED - After April 28,2023 (ACNSH1)
- 188.8.131.52/28 - TO BE RETIRED - After April 28,2023 (ACNBJ1)
- 184.108.40.206/28 - TO BE RETIRED - After April 28,2023 (ACNBJ1)
- 220.127.116.11/28 - TO BE RETIRED - After April 28,2023 (ACNBJ1)
- 18.104.22.168/28 - TO BE RETIRED - After April 28,2023 (ACNBJ1)
- 22.214.171.124/28 - TO BE RETIRED - After April 28,2023 (ACNBJ1)
Prior to April 10, 2023:
- Firewall rules regulating connectivity to/from your network to Cloud SWG should be adjusted to allow traffic to pass to the new IP networks listed above.
- Third party applications that regulate connections by source IP address should be updated to accept connections from the new egress IP networks listed above to ensure traffic proxied through Cloud SWG can reach the applications.
- Auth Connector must be able to communicate with all egress ranges listed above on TCP 443, where applicable.
Failure to make these changes could prevent users from connecting to Cloud SWG, accessing third party web applications, or authenticating against the service using the Auth Connector (where applicable).
- IPsec: Customers must update their tunnel configurations to point to the new ingress IP address before April 28, 2022. This change can be made after April 10, 2023.
- WSS Agent, SEP Agent: Agent traffic will be automatically redirected to the new POP. No customer action is required.
- Explicit proxy and proxy forwarding: Customers explicitly directing traffic to proxy.wss.broadcom.cn will be automatically redirected to the nearest new POP on April 21, 2023. No customer action is required.
- Regardless of the connection method, any configuration pointing to a specific POP hostname or IP address (not recommended) must be manually switched to the new POP prior to the decommissioning date to avoid an outage.
Please visit these KB articles for a full list of IP networks used by Cloud SWG:
If you have further questions regarding this announcement, contact Technical Support. Support information is located at: https://support.broadcom.com/security
For real time updates and status visit and subscribe to Broadcom Service Status: https://status.broadcom.com