browse
Overview
Secure Web Gateway (SWG) traffic is load-balanced across a number of proxy instances with different IP addresses. However, as of February 2022 SWG now provides a consistent egress IP for all outgoing web requests using a feature we call 'Persistent IP'.
'Persistent IP' now applies to (almost) all web traffic. This feature mitigates potential problems that might occur when websites track the source IP address as part of the session.
Alert:
Persistent IP is not currently available for traffic using Umbrella's Remote Browser Isolation feature (RBI). This only applies when the 'Isolate' action is configured for a rule in your Web Policy.
Egress IP Range
The introduction of this feature means SWG now uses a new egress IP address range. For details on the IP address range used by Umbrella SWG see this article.
https://support.umbrella.com/hc/en-us/articles/360059292052-Additional-Egress-IP-Address-Range
IP Persistence Problems
A website may choose to store the source IP of the user along with their "session". Typically (but not always) this would be websites which require login credentials and the source IP is also "validated" to check the session is still valid. A persistent IP is also required for websites that use TLS session resumption (rfc5077)
If a persistent IP is not used these websites may behave unexpectedly and may intermittently "log out" the user or present intermittent error messages.
Umbrella SWG is now compatible with these websites.
If you think a website is having problems related to IP persistence please check the following:
- Check if the category / application / destination is subject to 'Isolate' action in your web policy. Verify if the issue still happens without Remote Browser Isolation. This traffic does not use the 'Persistent IP' feature
- Contact Umbrella support to check your organization settings. A small number of customers have temporarily disabled the 'Persistent IP' feature to allow time to account for the new IP range.
FAQ
Q). Do I need to take any action to enable 'Persistent IP' for a website?
No. In the past this feature was only enabled for some domains (those with HTTPS inspection disabled). However, this feature now applies to all destinations.
Q). Does the feature work for both HTTP / HTTPS traffic?
Yes.
Q). Do I get a fixed static IP address?
No. This feature provides a persistent egress IP address for subsequent web requests in the same session. But we do not provide a fixed/static IP address for each organization. Umbrella is a multi-tenant platform and multiple customers will share the same egress IP address.