Allow IP Address Ranges for Points of Presence

A DNS service, known as the Global Routing Manager (GRM), routes web traffic from your network to instances of Secure Web Gateway on Points of Presence (PoPs), which are nodes in a worldwide network that has been set up as a cloud platform for this product.

To ensure that the endpoints in your network can fully use the GRM for routing traffic, you need to allow the IP address ranges for the PoPs if one of the following or both applies:

• You are using a firewall to restrict web access.

• You are running business-to-business services with partners who restrict access based on source IP addresses.

Proceed as follows:

1. Look up the IP address ranges. 

You can export the list as a file in the following formats:

• ip_addresses.txt  
• ip_addresses.csv
• ip_addresses.json

• IP address ranges are marked according to whether they are used for inbound or outbound traffic, or for both.
  
  

• IP address ranges of networks that have been deactivated are crossed out.

1. Make sure the IP address ranges are entered in allow lists as follows.

   • If you are running a firewall, enter the outbound IP addresses in your firewall allow list.
     
     This ensures access to our PoPs is not blocked by your firewall.

   • If you are working with business partners using business-to-business services, forward the inbound addresses to them, so they can enter them in their allows list for these services.
     
     This ensures you can connect to your business-to-business services through our PoPs.

For information about other IP addresses, see Lists of IP Addresses and Other Parameters for Use in Network Configuration.

Skyhigh Availability Zones

Skyhigh Security availability zones consist of independent groups of datacenters with their own power, cooling, and networking. This design ensures that if one data center fails, remaining regional services and high availability are maintained by the remaining data centers within the regional availability zone.

Skyhigh availability zones protect against localized failures, such as server rack or cluster issues. In these cases, workloads continue seamlessly in other datacenters within the regional availability zone, ensuring resilience even when parts of a zone are operational but degraded.

Regional availability zones are also able to failover to other regional availability zones, so in the unlikely event a regional zone is completely unavailable, then all services can be maintained by adjoining regional zones ensuring high availability and a continuity of service across Skyhigh’s global infrastructure.

Note: To ensure optimal coverage and superior performance of the cloud service, Skyhigh Security recommends the configuration of the entire /17 advertised network ranges within firewall "allow lists." Allowing only smaller subsets of the network, customers may experience connectivity issues if the service has to failover to an availability zone that has not been configured within their allow list range.