Skip to main content
Skyhigh Security

Redesigned Web Gateway Cloud Service infrastructure available to all customers using Web Gateway Cloud Service

Effective November 27, 2017, the redesigned WGCS infrastructure is available to all customers using WGCS.

These changes impact how the legacy proxy settings or * behave in terms of improved performance and access to new infrastructure.

All customers are provided with access to the full set of new worldwide data centers. This access takes advantage of peering technology, and improved load balancing and failover. As part of this change, new proxy instances are added.

To take advantage of these improvements, you must do the following:

  • Set your proxy settings in either your client browser or MCP to c<customer-id>
    For example:
  • Update your firewall rules to add all WGCS proxy IP addresses to the allow list.  


Do I have to migrate to ePO Cloud?
No. You can either update your proxy settings or update your firewall rules. 

1 - What benefits will I see after this change occurs?

  • An increase in Points of Presence (PoP). Customers using or are currently only routed via the Global Routing Manager (GRM) to the old MX-Logic data centers. Switching to the new infrastructure provides 59 PoP in 49 Countries. For more details, see the Skyhigh Security Status Site.
  • 33%+ increase in performance, with peering design at five locations that increases further.
  • New GRM provides dynamic PoP failover to the closest and fastest PoP in milliseconds.
  • New IPsec VPN (both site-to-service and mobile-to-service).
  • You can use DNS prefixes to enforce routing to a particular region or country. For example, or eu.customer-id.saas.

2 - What happens after November 27, 2017, if I don't migrate?
Traffic might be handled by a different infrastructure than before. So, you might see a change in your traffic routing and performance. Also, the new proxy nodes might be blocked by your local firewall, causing an internet access problem for your organization.

3 - What are the new proxy IP addresses that must be added to an allow list or to my firewall rules? Can I obtain a complete list of them?
Yes. A list of all IP addresses for all proxies in different formats (TXT, CSV, JSON) is available from the Skyhigh Security Status Site. This list allows you to manually update your firewall rules. Contact your firewall vendor for more information about implementing these changes.

4 - What are the new proxy DNS addresses that must be added to an allow list or to my firewall rules?
We advise that you do not use DNS names in allow lists on firewalls. If you do, your firewall might resolve the name to a different IP address from the client inside the network and create an inconsistency. This inconsistency might cause internet access problems for your company. We recommend that you use only IP address-based rules.

5 - Where can I find the WGCS product documentation?
You can find the WGCS documentation set, including the Installation, Migration, and Product Guide at our Product Documentation site.
The Product Guide covers topics such as an introduction to configuring the Customer-Specific Proxy (c<customer_id>, and includes links to articles that cover adding IP addresses to allow lists and using a geolocation prefix.

6 - Is there a best practice guide for setting up MCP with Web Gateway?
This information is documented in this Community post.

7 - How do I configure my MCP policy in ePO Cloud?
This information is documented in this Community post.

8 - Can I restrict traffic to a certain region?
Yes. Regional proxy addresses are listed on the Skyhigh Security Status Site.


Related Information

For product documents, go to the Product Documentation portal.



  • Was this article helpful?