Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  Best practices on securesphere MX-HA

    Posted 08-20-2020 02:10
    Hi team

    I have a doubt on the securesphere management best practices. 

    My team and i was discussing on a MX-HA deployment with 2 cluster 2+1 (N+1) so we are planning to configure 2 MX v150 on HA using 3 interfaces per each MX and using 1 virtual ip for the HA admin, 1 management interface, 1 cluster (mx-ha) interface and 1 service (conection to GW) interface, also managing the virtual ip for the admin config, but one of my colleagues suggest why not configure the ha with the same admin interface, so the question: do you consider that 3 interfaces, one for each service is ok or we can save resources using the admin for cluster too?
    #DatabaseActivityMonitoring

    ------------------------------
    Jose Bolanos
    SISAP
    ------------------------------


  • 2.  RE: Best practices on securesphere MX-HA
    Best Answer

    Posted 08-21-2020 12:26

    Hi Jose,

    For virtual MX-HA deployments, it is recommended to have 2 interfaces consolidating the management (GUI), the LAN (connection to GW) interfaces as a single interface, while splitting out the cluster interface (db replication) to a separate interface. Physical would be different to segment traffic across different physical interfaces, but in a virtual world, this is handled by the hypervisor at the physical interfaces level.

    Remember also that each GW must have its bootstrap modified so that it will accept MX communication from both base IP addresses, as the outbound traffic from the MX does not use the VIP.  Hope this helps!

    Brian Anderson



    ------------------------------
    Brian Anderson
    ------------------------------



  • 3.  RE: Best practices on securesphere MX-HA

    Posted 09-01-2020 19:01
    Very thank you for your help Brian, have a great day!

    ------------------------------
    Jose Bolanos
    SISAP
    ------------------------------