Cloud SWG: General Product Maintenance April 28-29, 2026 [ACTION REQUIRED]

Broadcom will perform scheduled maintenance on the Cloud SWG Service in Taipei (GTWTA), Portland (GUSPO), Stockholm (GSESK) and Warsaw (GPOWA). All services will remain operational throughout the maintenance window; however, a behavior change might occur with PBR and Dedicated IPs policies. Review the Behavior Changes section below to ensure continued service and to avoid potential disruption.

Timing

Maintenance begins April 28, 2026 and completes by April 29, 2026. All work occurs between 18:00 and 06:00 local data center time.

Impact

During this maintenance event, all services will remain operational and available. The following describes what happens to connected clients, depending on the access method used. No action is required.

• Explicit Proxy / WSS Agent / Endpoint Security Agent / Proxy Forwarding: Connections are automatically rerouted to active data pods within the same datacenter (site) or region.
• IPSec: A brief failover delay might occur while the load balancer switches traffic to another active data pod.

Behavior Changes

• Change 1: With this maintenance, the case for HTTP header names sent by the client will be maintained when being set or appended by policy while sending request headers to the server. Prior to this maintenance, the policy replaces request headers with a camel case version. Note that HTTP/2 traffic is unaffected by this behavior change, as the HTTP/2 protocol strictly mandates lowercase header names. For more information please refer to the KB article 438061.

• Change 2: If you are using PBR, Dedicated IPs and CASB DLP Scanning for MS Copilot (CASB WebSocket), be aware that this maintenance introduces two changes to how traffic is handled when multiple rules match the same connection.

PBR and CASB WebSocket

Before: If both a Policy-Based Routing (PBR) rule with Shared IPs and a rule for CASB WebSocket matched, and PBR decided to egress traffic locally, the traffic bypassed PBR entirely. CASB WebSocket processing was also skipped.

After: Traffic now follows this logic:

• Non-local egress decision: Traffic is forwarded through PBR as normal.
• Local egress decision: Traffic is forwarded to the nearest PBR site instead of egressing locally. This change might affect in-country egress behavior in some configurations.

To revert to the previous behavior, please contact Broadcom Technical Support at https://support.broadcom.com/security

Dedicated IPs and CASB WebSocket

Before: If both a Dedicated IPs rule and a CASB WebSocket rule matched, traffic was routed through Dedicated IPs. CASB WebSocket processing was skipped.

After: CASB WebSocket processing takes priority. Dedicated IP policy is not enforced for those matching domains. To revert to the previous behavior, please contact Broadcom Technical Support at https://support.broadcom.com/security

Technical Support

Having issues? Reach Broadcom Technical Support at: https://support.broadcom.com/security

For live service status and maintenance updates, subscribe to Broadcom Service Status: https://status.broadcom.com/services/cloud-secure-web-gateway