Imperva Cyber Community

Imperva WAF hybrid deployment fail

  • 1.  Imperva WAF hybrid deployment fail

    Posted 06-22-2021 07:51
    Hi All,

    We have an on-premises MX server and would like to deploy an Imperva gateway on AWS via CloudFormation. The CloudFormation failed with the error "The following resource(s) failed to create: [GwWaitCondition]."

    The MX server connects to the gateway via a site-to-site VPN, and they can communicate using their actual IP addresses. The gateway is deployed in a public subnet with a default route pointing to the internet gateway and a dedicated route pointing to the MX server.

    We tried deploying the gateway in another AWS public subnet and it succeeded. Both the successful and the failed subnets use the same route settings (default route pointing to the internet gateway and a dedicated route pointing to the MX server). The only difference is that the failed subnet has a NAT gateway in it, but there is no route targeting the NAT gateway.

    Does anyone have any idea why the CloudFormation failed?

    Thanks.
    #On-PremisesWAF(formerlySecuresphere)
    #AllImperva

    ------------------------------
    Waf Support Itsd
    Support
    ------------------------------


  • 2.  RE: Imperva WAF hybrid deployment fail

    Imperva Employee
    Posted 06-24-2021 10:28
    Hi,

    The "wait condition" occurs when the GW cannot communicate with the internet. During deployment, the GW must communicate with the Amazon API or the deployment will fail.

    If the gateway is deployed in a private subnet, the default route should be configured for 0.0.0.0/0 to route to the NAT Gateway.