Secure Web Gateway uses the Global Routing Manager (GRM) service for intelligent routing, load balancing, and failover. Web traffic is routed to the best available Point of Presence (PoP), which is a geo-located entry point into the cloud.
To avoid issues with this traffic management, complete the following as needed:
Configure your firewall — If you have set up a firewall to protect your network, allow traffic to the inbound IP address ranges of the networks for the Points-of-Presence (PoPs) we have set up in the firewall access list.
This ensures access to the PoPs is not blocked by your firewall.
- Configure access to business-to-business services — If you are running business-to-business services with business partners who restrict access based on source IP addresses, forward outbound IP address ranges of the networks for the Points-of-Presence (PoPs) to them, so they can enter these in their access lists.
This ensures you can connect to your business-to-business services through the PoPs.
A list of the IP address ranges you should allow in your firewall access list and forward to your business partners is provided at a status site, see Skyhigh Security Status - Skyhigh Secure Web Gateway.
The list is available there under Setup > IP Addresses/Ranges.
In this list:
IP address ranges are marked according to whether they are used for inbound or outbound traffic, or for both.
- IP address ranges of networks that have been deactivated are crossed out.
You can export this list as a file in .txt (for inbound or outbound IP address ranges), .cvs, or .json format.
A map that shows the physical location of the networks for our PoPs is also provided at this site, as well as information about statuses and maintenance windows.
Additional Lists of Network Parameters
In the following, two more lists of parameters you can use when configuring settings for our networks are provided. In these lists, you will find information about:
Protocol and ports for backend services
- IP address ranges for configuring access logging and other functions
List of Protocols and Ports for Backend Services
The following table lists network protocols and ports for backend services that are related to web filtering under Secure Web Gateway.
|TCP||80||HTTP or HTTPS proxy: SCP, explicit, and forwarding|
|TCP||8080||HTTP or HTTPS proxy: SCP, explicit, and forwarding|
|TCP||443||HTTP or HTTPS proxy: forwarding|
|TCP||8081||SCP Secure Channel|
List of IP Address Ranges for Configuring Access Logging and Other Functions
The following table lists IP address ranges you can use to configure access logging and other functions under Secure Web Gateway, such as reporting or Hybrid policy synchronization.
Information about ports, physical location, and related DNS names is also provided.
|Physical location (region)||Physical location (country)||IP address range||Port||Purpose||Related DNS name|
|Americas||Canada||126.96.36.199/24||443||Access logs, reporting||ca.logapi.skyhigh.cloud|
|Americas||United States||188.8.131.52/24||443||Hybrid policy synchronization||policysync.skyhigh.cloud|
|Americas||United States||184.108.40.206/24||443||Access logs, reporting||us.logapi.skyhigh.cloud|
|Americas||United States (Las Vegas)||220.127.116.11/24
|443||Fetching server certificates on the user interface||n/a|
|Asia/Pacific||Australia||18.104.22.168/24||443||Access logs, Reporting||au.logapi.skyhigh.cloud|
|Asia/Pacific||India||22.214.171.124/24||443||Access logs, Reporting||in.logapi.skyhigh.cloud|
|Asia/Pacific||Singapore||126.96.36.199/24||443||Access logs, reporting||sg.logapi.skyhigh.cloud|
|Europe||England||188.8.131.52/24||443||Access logs, reporting||gb.logapi.skyhigh.cloud|
|Europe||Germany||184.108.40.206/24||443||Access logs, reporting||de.logapi.skyhigh.cloud|
|Middle East||Saudi Arabia||220.127.116.11/24||443||Access logs, reporting||sa.logapi.skyhigh.cloud|
|Middle East||United Arab Emirates||18.104.22.168/24 and
|443||Access logs, reporting||ae.logapi.skyhigh.cloud|