Imperva Cyber Community

 View Only
  • 1.  Gateway not connecting on cluster

    Posted 09-30-2022 10:47
    Hi all,

    I have an issue when a gateway is moved to a configured Large Server Cluster. Visible alert/alarm/warning is something like "The redundant Gateway XPTO for Cluster XYZ is down or in use due to the failure of another Gateway in the Cluster. The Cluster currently has no redundancy". Behavior similar as reported in https://community.imperva.com/discussion/gateway-disconnected-from-cluster-manager.

    This environment was deployed recently, v14.8, with 12 GW (4 GW clusters with 3 GW each in "Dual - Separate agents Network" mode) managed by a MX-HA, with absolutely same HW/VM settings (excepting IP address, all settings are the same). MX and GW are not in the same VLAN (as recommended on Imperva docs), but they have fully communication each other, once 11 of 12 GW's was clustered successfully with this settings.

    On MX -> Setup -> Gateways, the gateway shows running. On MX -> Cluster Management -> MX -> tab Gateway Groups, the cluster envolved shows 2 running and 1 disconnected. On MX -> Cluster Management -> MX -> tab Gateways, the Running Status column shows "Initializing" since it was moved to Cluster, and when I move arrow on this status, it shows me "MX reports: Gateway Initializing. Cluster reports: Gateway Failed. Gateway reports: Running".

    I opened a support ticket, but the support team is claiming that the gateways and mx must be on the same VLAN, even though I have 11 gateways running correctly on clusters with exactly the same configuration, claiming that this could be the problem even without MX specific logs (or other location) related to the join failure of the GW involved in the cluster.

    How can I find specific cluster logs to see what can happening ?

    Regards
    #DatabaseActivityMonitoring

    ------------------------------
    Uiliam de Mello
    Information Security Analyst
    Brazil
    ------------------------------


  • 2.  RE: Gateway not connecting on cluster

    Posted 10-06-2022 16:20
    What do you see on your gateway logs? I recommend having 2-3 SSH sessions open where:
    1. on one window you make the change
    2. second window you tail the gw_log or use the alias "tail_gwlog"
    3. Periodically check the verbose log: impctl show log --verbose (unfortunately you cannot tail on these)

    I would also recommend following the instructions here: https://docs.imperva.com/bundle/v13.6-administration-guide/page/9127.htm Please double check the requirement like Model number and ports.


    ------------------------------
    Sarvesh Lad
    Tech Lead @ On-Prem Managed Services (WAF, DAM, DRA & Sonar)
    ------------------------------



  • 3.  RE: Gateway not connecting on cluster

    Posted 10-20-2022 19:27
    Hello Sarvesh, thank you for reply.

    I could solve this issue revalidating virtual machine settings of this GW, and I've identified that VLAN of listener interface was not "tagged" properly on vCenter. After adjust to correct VLAN tag of DB lan, GW was successfully added to cluster.

    Best regards,

    ------------------------------
    Uiliam de Mello
    Information Security Analyst
    Brazil
    ------------------------------