Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Routing Web Traffic to PoPs

This article describes how to find the IP addresses of the “primary and secondary” Points of Presence (PoPs) to use when configuring the IP addresses of the “primary and secondary” IPsec or GRE tunnels.

Secure Web Gateway is delivered from the Skyhigh Security Cloud platform, which consists of globally distributed nodes called Points of Presence (PoPs). The Global Routing Manager (GRM) is a DNS service that is responsible for intelligent traffic routing and failover. The GRM routes traffic to the best available point of presence. This article describes how to use DNS/GRM for IPsec / GRE tunnel configuration.

For a global map of PoPs with setup, status, and support information, see Skyhigh Security Status.

Finding the Best-available PoPs

You can find the best-available Points of Presence (PoPs) by using the nslookup command-line tool (standard PC) to query the Global Routing Manager (GRM). GRM returns the IP addresses of the best-available PoPs based on your location. When you are using different OS / environment equivalent DNS lookup tools can be used.

As the IP addresses of our PoPs might change over time, use DNS names in your device configuration whenever possible to maintain the best possible service. You might need these addresses when configuring IPsec or GRE tunnel interfaces on your networking device or in your SD-WAN service if that doesn’t support DNS names.

To find these IP addresses, run the tool from your network, as shown in the examples below. Make sure that the DNS egress IP is reflecting the location of your clients, as this location is used to determine the closest/best PoP.
Each of the examples shows two PoPs, which are first and second best choice.

  • For IPsec
nslookup 1.network.c<customer_id>.wgcs.skyhigh.cloud
nslookup 2.network.c<customer_id>.wgcs.skyhigh.cloud
  • For GRE
nslookup 1.c<customer_id>.gre.wgcs.skyhigh.cloud
nslookup 2.c<customer_id>.gre.wgcs.skyhigh.cloud
            

Use the IP addresses returned by nslookup when this is recommended for your router to configure IPsec or GRE tunnels.

  • Was this article helpful?