Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

About Dedicated Egress IP Capability

  1. Last updated
  2. Save as PDF

The Dedicated Egress IP capability provided by Skyhigh Security enables you to redirect your egress traffic through specific public IP addresses. These IP addresses are specifically assigned to your organization. Once you purchase these IP addresses, ownership will be transferred to your organization. This ensures that any WHOIS lookup accurately identifies and associates the IP with the respective user.

You can choose to redirect all or specific traffic through the dedicated public IP addresses assigned to you. You have the freedom to select which POP you want those IP addresses to be listed in. Additionally, you can use policies to define which traffic you want to redirect using the Dedicated Egress IP assigned to you.

You will also have the flexibility to decide how the traffic behaves if the dedicated IP address assigned to you is not available.

To avoid a single point of failure, it is recommended to have a minimum of two POPs, each with one egress IP. one egress IP can only be associated with one physical location. For details, see View Current Egress IP Addresses.

For more information about these addresses and how to use one in a rule that you create on your own, see Configure an Egress IP Address for Use in Existing Secure Web Gateway.

NOTE: A minimum of two IP addresses is required for high availability.

all use cases.png

Here, you can find different scenario based configuration for dedicated egress IP.

Universal Dedicated IP Allocation

If you want all traffic to egress through a dedicated IP to avoid issues such as shared IP address reputation, configure all traffic to utilize dedicated IPs. Route all traffic through dedicated IP POPs to ensure that each traffic flow has a distinct egress address.

For example, you can select All Traffic as criteria in the rule builder and it allow all traffic to use dedicated IP.

all traffic.png

Customized Dedicated IP Allocation  

For authentication and login source IP restrictions, this feature supports partner and third-party integrations that necessitate dedicated IP addresses. It facilitates the monitoring of dedicated IP space for cybersecurity, intelligence, and forensic use cases. Specifically selected traffic leaving the system should utilize dedicated IPs.

For example, you can select URL as criteria in the rule builder and it allows specific URL traffic to use dedicated IP.

specific IP.png

Geographically Targeted IP Allocation

When a user in a specific country uses SSE, the ingress POP (Point of Presence) country matches that country, with an IP assigned from POPs within the same country. In such cases, the system supports directing selected traffic from the ingress POP country to egress POPs located in the same specific country, ensuring dedicated country-specific IPs. For details, see Configure Ruleset with Ingress POP Country.

For example, if a user in the US is using SSE, then the ingress POP country would be the US, and they would be assigned an IP in US POPs.

Specific country.png

Availability of Dedicated Egress IP

The system determines the availability of the user's custom egress IP at this POP, yielding a Boolean result indicating its availability (true) or unavailability (false). To configure custom egress IP available. For details, see Configure Ruleset with Custom Egress IP Available.

if available 2.png

Unavailability of Dedicated Egress IP

When a dedicated egress IP is not available, you can block the traffic or use Skyhigh shared IP. For details, see Configure an Egress IP Event.

event.png

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.