AWS Configuration Requirements for the Migration of VIP Services Platform to Amazon Web Services
Last Updated April 09, 2019
Symantec VIP services are hosted in multiple Amazon availability zones in the AWS Oregon [us-west-2] and Virginia [us-east-1] regions. To ensure uninterrupted connectivity from your VIP Enterprise Gateways and hosted custom applications to the Symantec VIP AWS-hosted cloud platform, review and update your configurations.
Use VIP Service domain name whitelisting. This is preferable to using IP netblocks.
Configure hostnames to recognize any sub-domain of *.vip.symantec.com. If you are unable to whitelist *.vip.symantec.com sub-domains, whitelist these specific hostnames:
services-auth.vip.symantec.com (port 443)
services.vip.symantec.com (port 443)
userservices-auth.vip.symantec.com (port 443)
goidservices-auth.vip.symantec.com (port 443)
liveupdate.symantecliveupdate.com (port 80)
liveupdate.symantec.com (port 80)
If you are unable to whitelist hostnames, update your firewall configuration to allow all outbound connectivity to the following IP netblocks.
Symantec VIP high-availability data centers are located in multiple regions. DNS resolves traffic to the active location using the URLs listed below. IP address pinning puts your organization at risk of service disruption during a VIP datacenter\DNS switch.
VIP ENTERPRISE GATEWAY, CUSTOM APPLICATIONS, AND ENTERPRISE INTEGRATION CONFIGURATION SETTINGS
The VIP Enterprise Gateway(s) and Web Services WSDL files are configured to use the following globally load-balanced URLs issued by Symantec VIP. Custom applications should point to these same relevant URLs.