Hi Kabilan,
A work-around you can consider which is done by few of our customers is to setup your own "GW HA".
If you have a Layer 7 load balancer that can generate periodic urls with basic attack, you can use it as a "healthcheck" for the gateways.
As long as your device gets the blocking page, it knows that the gateway is up and running in "protected mode".
If the device doesn't get the blocking page, it means that traffic is passing through unprotected and it should trigger traffic fail-over to the working device (the one who's blocking).
Please note - this is something that should be done by your network team and not by Imperva.
I hope it helps :)
------------------------------
Zuki Derech
------------------------------
Original Message:
Sent: 11-27-2019 05:43
From: Kabilan Senthamil Selvan
Subject: Automate Fail-mode configuration
In a on-premise environment with Active-Passive setup, with two gateway per gateway group with "Fail Mode : Fail_Close" to failover while device run into issue or trouble in handling live traffic.
In exceptional scenario, If both gateways in a gateway group fails then live traffic will get stuck and all traffic may get dropped.
So our idea is to create some possible option to automate "Fail Mode" configuration to "Fail_Open" (without any manual intervention) to make sure there is no disturbance to live traffic.
Do anyone have idea or possible way to achieve it?
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Kabilan Senthamil Selvan
------------------------------