Imperva Cyber Community

Expand all | Collapse all

Best practice for adding a server group hosting multiple applications

  • 1.  Best practice for adding a server group hosting multiple applications

    Posted 11-15-2019 07:38
    Hi Team,

    Please help to understand the best way to add a new server which is hosting multiple applications.
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Pankaj Chouhan

    ------------------------------


  • 2.  RE: Best practice for adding a server group hosting multiple applications

    Imperva Employee
    Posted 11-22-2019 10:58
    Hi Pankaj,

    Is your SecureSphere WAF deployment running in Bridge mode or KRP? (kernel reverse proxy)

    ------------------------------
    Jaired Anderson
    Senior Professional Services Consultant
    imperva
    Tulsa OK
    ------------------------------



  • 3.  RE: Best practice for adding a server group hosting multiple applications

    Posted 11-25-2019 01:51
    Hi,

    WAF is running in Bridge mode.

    ------------------------------
    Pankaj Chouhan
    Inspira Enterprise India Pvt. Ltd.
    Mumbai
    ------------------------------



  • 4.  RE: Best practice for adding a server group hosting multiple applications

    Posted 11-25-2019 23:23
    Hi,

    The WAF is deployed here in bridge mode.
    We have a shared server that is hosting multiple applications (15 Apps).
    14 out of 15 are using a common SSL certificate and the 15th one is having a different certificate.

    Now, i have created a server group with the IP of the shared server and created a service.
    In the service i have defined each application individually and done the mapping also.
    After that  i have uploaded both SSL certificates at service definition tab.

    But, when i am enabling the TRP i can see some issues.

    1. I can use TRP for one certificate only.
    2. When TRP is enabled , the certificate associated with TRP is visible to all applications while browsing.

    Please help in this regard.

    Thank you !

    ------------------------------
    Pankaj Chouhan
    Inspira Enterprise India Pvt. Ltd.
    Mumbai
    ------------------------------



  • 5.  RE: Best practice for adding a server group hosting multiple applications

    Imperva Employee
    Posted 12-09-2019 11:01
    Hi Pankaj,

    Server Name Indication can be used with TRP to leverage multiple certificates.

    Please see: https://docs.imperva.com/bundle/v13.5-web-application-firewall-user-guide/page/69409.htm

    ------------------------------
    Jaired Anderson
    Senior Professional Services Consultant
    Imperva
    Tulsa OK
    ------------------------------



  • 6.  RE: Best practice for adding a server group hosting multiple applications

    Posted 29 days ago
    Hi Jaired,

    I am interested in the same situation but for KRP mode, is there a way to assign one certificate for each application in the same server on KRP?

    Thanks in advance,
    Cristian

    ------------------------------
    Cristian Casanova
    Luz del Sur S.A.A.
    Lima
    ------------------------------



  • 7.  RE: Best practice for adding a server group hosting multiple applications

    Imperva Employee
    Posted 29 days ago

    Hi Cristian,

    SNI support applies to KRP as well.

    Please see: https://docs.imperva.com/bundle/v13.6-web-application-firewall-user-guide/page/69409.htm?_ga=2.36157728.1074398984.1592230764-1422851998.1564074058&_gac=1.220343980.1588951874.EAIaIQobChMI2uvc98qk6QIVTZyzCh2xHQ5BEAAYASAAEgJIbPD_BwE 

    However, if you would like to use one certificate for multiple sites then you will need a certificate with multiple SANs. (Subject Alternative Names)

    Thank you.



    ------------------------------
    Jaired Anderson
    Principal Consultant
    Imperva
    Tulsa OK
    ------------------------------