Hi Nikhil,Thanks for posting.@Martin Schmitz - Did you receive any feedback from support that you could share here?Thanks,
So in the end, we still have no solid information on this. The plan is now that we'll have to test it ourselfs.... I would have done it in my lab, but I do not have the correct application to test with. So we are currently setting up a test-lab in the customer's network. Customer is a very (!) big company, so that is a project that takes a couple of weeks. Then I hope we can can convice the "customers customer" who requested this to provide us with a copy of the application.Btw, here is the answer I received from support:
Thank you for contacting Imperva Support.
I understand you have a query regarding the implementation of mTLS in your environment.
MTLS is supported in v13.6 for KRP and v14.x for NGRP.
From v14.5 it will be supported in TRP/ABR.
mTLS still a new feature and we have limited documentation available at the moment.
However, I can provide additional information on this in the form of FAQ's which have been copied below, along with links to the relevant documentation:
Is there any special configuration needed?
And documentation for Client/GW side (CA needs to be configured):
Are there any limitations?
https://docs.imperva.com/bundle/v14.4-web-application-firewall-user-guide/page/76813.htm (This list is not complete – it should be updated)
Do we need to have MTLS on both sides of the proxy or can we only have it on the GW/server side?
Are there any TLS version requirements?
– this is version dependent. V13.6 – v14.3 supports TLS 1.0 1.1 1.2 and v14.4 supports TLS 1.0 1.1 1.2 1.3. v14.5 will support TLS 1.2 & 1.3 only.
So if anyone has managed to set this up and test it successfully I'd be happy if that person could share the experience! Maybe even someone at Imperva has implemented this at some point? Or is there a new version of SuperVeda available that makes use of MTLS so we can use to test it?
You may also find this useful: