Imperva Cyber Community

communities_1.jpg
 View Only

  • 1.  NGRP - KRP FIPS 140-2 Compliance

    Posted 02-21-2020 07:38

    Does the NGRP support Kernel Reverse Proxy web traffic decryption in FIPS mode? 

    Older implementations required a HSM (Hardware Security Module), does a virtual appliance need an HSM?


    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Rick
    ------------------------------


  • 2.  RE: NGRP - KRP FIPS 140-2 Compliance

    Posted 02-23-2020 05:47
    Hi Rick,

    From our dev team:
    FIPS mode is supported in NGRP. Was tested in v13.3.

    To configure NGRP in FIPS mode you should perform the following steps (if already in NGRP mode):

    1. impctl gateway stop
    2. impctl gateway openssl-fips enable
    3. impctl gateway start

     

    You must be in NGRP mode to move to FIPS enable (RP mode + NGRP flag on).

    In v13.x versions, need to move to NGRP mode first:

    1. impctl gateway teardown
    2. impctl gateway ngrp enable
    3. impctl gateway openssl-fips enable
    4. impctl boot

    Hope this helps.

    ------------------------------
    Rick Teplitz
    Manager, Technical Writing
    Imperva
    ------------------------------

    Original Message