The scheduled maintenance has been completed.
Scheduled maintenance is currently in progress. We will provide updates as necessary.
The San Jose, CA (GUSSC) WSS site will undergo maintenance beginning on February 24, 2021 starting at 02:00 UTC, lasting for a duration of up to 36 hours.
• For the first 12 hours of the maintenance window, expect the site to be completely unavailable. The site will be available for the remaining duration of the maintenance window. • IP address changes will occur so it is imperative to adjust access control lists appropriately. • Carefully review the information below to avoid disruption of service.
Ingress IP Addresses
The IP addresses you forward traffic to for filtering. The IP address must match the connection method. For example, do not connect IPsec tunnels to the IP address for WSS Agent. IPsec / Proxy-forwarding / Explicit / SEP Agent:
• 199.19.248.164 - NO CHANGE
WSS Agent / Unified Agent:
• 148.64.18.164 - NO CHANGE
Egress IP Addresses
The IP addresses WSS will use to access content on your behalf and to deliver filtered content to your users. If you use application or firewall access control lists, update those lists prior to the maintenance.
• 199.19.248.0/24 - NO CHANGE • 148.64.18.0/24 - NO CHANGE • 148.64.20.0/24 - NEW
Impact
Expect the site to be completely unavailable on February 24, 2021 starting at 23:00 UTC, for a duration of up to 12 hours.
Required Action
Failure to make these changes could prevent users from connecting to WSS, accessing third party web applications, or authenticating against the service using the Auth Connector (where applicable). • Firewall rules regulating connectivity to/from your network to WSS should be adjusted to allow traffic to pass to the ingress IP networks listed above. • Third party applications that regulate connections by source IP address should be updated to accept connections from the egress IP networks listed above to ensure traffic proxied through WSS can reach the application. • Auth Connector must be able to communicate with all egress ranges listed above on TCP 443, where applicable.
Guidance for specific connection methods:
• IPsec: Switch to your secondary tunnel prior to the maintenance window. • WSS Agent and Unified Agent: User traffic will be automatically redirected by the service to the nearest alternate site during the maintenance window. • SEP Agent: User traffic will be automatically redirected by the service to the nearest alternate site during the maintenance window. • Explicit proxy and proxy forwarding: Customers directing traffic to proxy.threatpulse.net will be automatically redirected by the service to the nearest alternate site during the maintenance window.
WARNING:
Any customer, regardless of connection method, with a configuration pointing to a specific site or IP address must manually failover to a secondary site during the migration window to avoid an outage. Explicit redirection should never point to an IP address. Only IPsec connections should be directed to IP addresses.
Support
Questions? Contact technical support by visiting: https://support.broadcom.com/security.
For service status and maintenance updates visit and subscribe to Broadcom Service Status: https://wss.status.broadcom.com.
We’ll find your subscription and send you a link to login to manage your preferences.
We’ve found your existing subscription and have emailed you a secure link to manage your preferences.
We’ll use your email to save your preferences so you can update them later.
Subscribe to other services using the bell icon on the subscribe button on the status page.
You’ll no long receive any status updates from Broadcom Service Status, are you sure?
{{ error }}
We’ll no longer send you any status updates about Broadcom Service Status.