Web Security Service Announcement - Capacity Expansion for Seattle, Washington (GUSSE) Data Center

Tuesday, 21 April 6 hours
Complete
Complete

The scheduled maintenance has been completed.

Underway

Scheduled maintenance is currently in progress. We will provide updates as necessary.

Scheduled

As part of the previously announced migration to Google Cloud Platform (GCP), additional capacity will be added to the Seattle, Washington (GUSSE) site on April 21, 2020 starting at 02:00 UTC. This maintenance will last up to 6 hours.

Impact No impact to WSS traffic is expected during the maintenance window.

At the conclusion of the maintenance, all Unified Agent, WSSA, and Symantec Endpoint Protection Web Traffic Redirector (SEP-WTR) for the Seattle (SEA1) site will be processed in the new GCP Seattle (GUSSE) site. The IP addresses for sep-wtr.threatpulse.net, proxy.threatpulse.net, and ep.threatpulse.net for Seattle traffic will also change as a part of this migration as described in more detail in the Required Action section below.

IPSec traffic will not be moved to the Seattle (GUSSE) site as part of this maintenance. Customers will need to move IPSec and any other traffic using the Seattle (SEA1) ingress IP to the new Seattle (GUSSE) IPSec ingress IP listed below by April 30, 2020 as previously announced.

The ingress IP address for IPSec access for Seattle (GUSSE) will be:

170.176.241.164 (Existing address, no change should be required)

The ingress IP addresses for all other access methods for Seattle (GUSSE) will be:

170.176.241.164 (New ingress address, change may be required) 168.149.164.164 (New ingress address, change may be required) 34.82.226.164 (New ingress address, change may be required)

The egress network IP ranges for Seattle (GUSSE) will be:

170.176.241.0/24 (New range, change may be required) 168.149.164.0/24 (New range, change may be required) 34.82.226.0/24 (New range announced on April 14, 2020, change may be required)

Required Action If end user connectivity to WSS is regulated by stringent firewall rules, those firewall rules should be adjusted to allow traffic to pass to the ingress and egress IP networks listed above prior to the maintenance window. In addition, any third party application provider who regulates connections by source IP should be updated to accept connections from the ingress and egress IP networks listed above to ensure WSS traffic passes unencumbered.

IPSec: Customers should bring up their secondary tunnel prior during the maintenance window.

Unified Agent and WSS Agent: Firewall rules may need to be updated as described above to allow the new ingress and egress addresses. Customer traffic will be automatically redirected by Symantec to the nearest alternate site during the maintenance window.

Symantec Endpoint Protection Web Traffic Redirector (SEP-WTR): The underlying IP address for sep-wtr.threatpulse.net will be updated as part of this migration. Firewall rules will need to be updated as described above to allow the new ingress and egress addresses. Customer traffic will be automatically redirected by Symantec to the nearest alternate site during the maintenance window.

Explicit proxy and proxy forwarding: The underlying IP address for proxy.threatpulse.net will change as a part of this migration. Firewall rules will need to be updated as described above to allow the new ingress and egress addresses. Customers directing traffic to proxy.threatpulse.net will be automatically redirected by Symantec to the nearest alternate site during the maintenance window.

Explicit over IPSec (“trans-proxy”): The underlying IP address for ep.threatpulse.net will change as part of this migration. Firewall rules will need to be updated as described above to allow the new ingress and egress addresses. Customers that use explicit proxy through IPSec to ep.threatpulse.net should take the same action as IPSec customers and bring up their secondary tunnel during the maintenance.

Others: Any customer, regardless of connection method, with a configuration pointing to a specific site or IP address must manually failover to a secondary site during the migration window to avoid an outage.

Please visit these KB articles for a full list of IP networks used by WSS: Worldwide data center IP addresses: https://knowledge.broadcom.com/external/article?legacyId=TECH242979 Authentication IP addresses: https://knowledge.broadcom.com/external/article?legacyId=TECH240889

Questions? Please visit this KB article for additional details on the Web Security Service Migration to Google Cloud Platform: https://knowledge.broadcom.com/external/article?legacyId=tech257356

If you have further questions regarding this announcement, contact Technical Support. Support information is located at: https://support.broadcom.com/security

Schedule • Start Date: April 21, 2020, at 02:00 UTC • End Date: April 21, 2020, at 08:00 UTC

Began at:

Affected components