Blogs

Imperva FAQ's About Products

By Christopher Detzel posted 06-13-2019 11:22

  

General questions customers have about Licensing, MX SoM and more

  • License are applied to the MX and SoM
  • There is no license on the GW
  • There are two types of licenses - perpetual and Flex-Protect
  • A perpetual license is for a fixed amount of devices and services and typically cover 1 calendar year, and are deployment specific
  • A Flex-Protect license can cover a variety of devices depending on the requirements, and cover multiple deployments – on-prem, AWS/AZURE, or hybrid

What are Activation's and how are they used?

  • Activation's are for virtual deployments
  • An activation is the ability to create a new license on demand
    • Under Flex-Protect you have 100 activation's
    • Under perpetual you have 5
    • The reason is the Flex-Protect must be able to cover more devices, the perpetual is specific MX or SoM
  • An activation is used when you move an instance to another VM
    • When you do that it will change the challenge and you will need a new license
    • An activation allows you to make these moves and generate a new license on your own
  • An activation under Flex-Protect also allows you to create a new instance and then generate a new license

What is a challenge?

  • A challenge is a unique string that is only associated with one MX or SoM
    • There are no duplicate Challenges
  • A license is generated based the challenge
    • A license can only be applied to a MX or SoM with the corresponding challenge
  • Why am I always asked for my challenge when opening a case
    • The challenge is also associated with a site record
    • Support uses it to ensure that a case is being opened by an active customer and help ensure that it is not an attempt to manipulate the Support process.

Migration to the Public Cloud

  • When does Imperva recommend you move to the public cloud through AWS? 
    • Imperva recommends a hybrid deployment which allows the current on-prem deployment to remain while creating a private cloud deployment.
    • Using Flex-Protect one MX can manage both the on-prem and AWS gateways
    • Business can be moved to AWS at a pace that is comfortable for you
  • Contact your account team for details on Flex-Protect and hybrid deployments

Currently have on-prem WAF inline, why should we go to KRP

  • There are two main reason to convert form inline to KRP
  • The first is compliance
    • In bridge or inline mode the gateway cannot decrypt Diffie Hellman based ciphers
    • This leans to non-compliance as more and more applications standardize on DHE ciphers
  • The second is an additional layer of protection
    • By deploying KRP the gateway will receive any malicious activity first
    • This allows the application to remain untouched as the gateway mitigates the threat

 Need to deploy DAM on my MS-SQL servers, anything I should know

  • For the most part deploying an agent on an SQL server is the same as deploying an agent on any other OS
  • The primary difference is that MS has standardized on Diffie Hellman ciphers for DB connection encryption
    • In order to decrypt these connections and subsequently inspect them you will need to configure Advanced monitoring
    • It is specifically for MS SQL server
  • The DB Users Guide has the details on how to set this up

#WebApplicationSecurity
#ADC
#AWS
#DataRiskAnalytics(formerlyCounterBreach)
#ADC
0 comments
94 views

Permalink