Imperva Cyber Community

Expand all | Collapse all

Imperva WAF deployment in Azure

  • 1.  Imperva WAF deployment in Azure

    Posted 04-06-2020 02:00
      |   view attached

    I was trying to deploy the following product in Azure. Tried both ARM template and portal deployment.
    -Publisher 'imperva' `
    -Product 'securesphere-waf-v13' `
    -Name 'imperva-securesphere-waf-1' 

    Both failed when executing customlinux script on the Gateway VM the same error below.

    Can anyone advise where I can get correct ARM template or how the existing template can be fixed, please?

    "name": "CustomScriptForLinux",
    "statuses": [
    "code": "ProvisioningState/failed/1",
    "displayStatus": "Provisioning failed",
    "level": "Error",
    "message": "Command returned an error.\n---stdout---\n2020-04-05 19:15:41 - azure_arm: ERROR: Gateway FTL finished with errors. (rc=2)\n\n---errout---\n\n",
    "time": null
    "substatuses": null,
    "type": "Microsoft.OSTCExtensions.CustomScriptForLinux",
    "typeHandlerVersion": "1.5.4"



    zip   3K 1 version

  • 2.  RE: Imperva WAF deployment in Azure

    Community Manager
    Posted 04-07-2020 13:40
    @Constantine Welling, although this doesn't answer all of your question, I will lead you to some documentation that we have around it. I will continue to look for some experts to help answer. 

    1. Deploying SecureSphere on Azure ​​ - Note: The procedures in this section are based on the new Azure portal.
    2. Performing First Time Login on SecureSphere on Azure - To set up your new Azure virtual machine as either a Management Server or a Gateway, you need to perform the First Time Login procedure
    3. Azure Post Deployment Review - After setting up the SecureSphere virtual machines, perform the following actions to ensure that they will work properly on Azure.
    4. Hybrid Mode for WAF on Azure - Hybrid Mode enables you to expand your on-premises setup's capacity by adding Gateways in the cloud.

    Christopher Detzel
    Community Manager

  • 3.  RE: Imperva WAF deployment in Azure

    Posted 04-07-2020 14:21
    Thanks Christopher.

    2. is what I did pretty much. FTL procedure manually.

    To achieve that I configured external load-balancer for inbound SSH access to the gateway.
    Then entered admin mode, checked Azure_arm logs are stored in /var/log/azure_arm.log and initiated /opt/SecureSphere/impcli/commands/ftl manually.

    The root cause ARM template fails is that azure_arm script in the template lack of --product=WAF parameter.

    /opt/SecureSphere/azure/bin/azure_arm --component=<> --password=<> --gateway_group=<> --timezone =<> --management_ip=<> --model_type=<>  --product=<>

    Would be nice to get a trial license for SecureSphere. I have sent a request but no response yet.

    Constantine Welling