Hi Clydie,
If you have a perpetual (on-prem) license, then yes, you can continue to login to the GUI and make any changes you need. However, your maintenance license expiring will keep you from pulling updates (security policies, ThreatRadar, etc...) from Imperva, applying patches and doing upgrades. So, you'll want to get your maintenance renewed as soon as possible so your critical policies don't become stale, and critical product updates can be applied as needed. Keeping your security products at the cutting edge is how you stay ahead of the bad guys. :-)
------------------------------
Rich Blais
------------------------------
Original Message:
Sent: 09-22-2020 03:30
From: Clydie Oliamot
Subject: KRP Questions
Hi guys,
If license is already expired can we still be able to add or create new service in a site tree?
Thank you.
------------------------------
Clydie Oliamot
Original Message:
Sent: 09-14-2020 00:42
From: Clydie Oliamot
Subject: KRP Questions
@Jason Park
Each of our origin server has different certificates so i separate them in services, so each service in our server group has different certificate and gateway port.
------------------------------
Clydie Oliamot
Original Message:
Sent: 09-11-2020 11:14
From: Jason Park
Subject: KRP Questions
@Clydie Oliamot
You are not adding the same service to the same server group multiple times are you? I am not sure if this is the issue, but you know you cannot have two services with the same ports under one server group (at least not the last time I tried it)?
Make sure you you have one server group and one service containing each port number (e.g. that HTTPS on TCP 443 is not in two different services in the same server group). One service can handle multiple certificates and multiple ports. If you need to separate the services in order to contain multiple instances of the same port number, then it is probably best to separate the server groups, keeping in mind the limitation on server groups in the documentation @Rich Blais and @Brian Anderson provided.
If that is not the issue you are running into please ignore this post :)
------------------------------
Jason Park
County of Los Angeles
CA
Original Message:
Sent: 09-10-2020 23:37
From: Clydie Oliamot
Subject: KRP Questions
Thank you for answering my questions.
I got an issue in which my services will not work whenever i add another service or server group in a site tree. I tried removing or delete the newly add service then it will work again. By the way we are deploying KRP in one arm device model X2500.
Could this be that the gateway can't handle too much traffic or gateway takes time to establish handshake with the origin server cause i notice that this issue only occur in https or the mx server need time to process the changes?
I am actually lost. Thank you in advance.
------------------------------
Clydie Oliamot
Original Message:
Sent: 09-04-2020 15:03
From: Brian Anderson
Subject: KRP Questions
Hi,
To add to @Rich Blais's response, I wanted to share examples (please see attached) of how to create the site tree, services, and krp rules via API. Also, please see a tool on github that will help come up to speed using our APIs. This may help to streamline the process for you as well.
https://github.com/imperva/imperva-web-api-composer
https://docs.imperva.com/bundle/v13.6-web-application-firewall-user-guide/page/522.htm
------------------------------
Brian Anderson
Original Message:
Sent: 09-02-2020 23:23
From: Clydie Oliamot
Subject: KRP Questions
Hi guys,
We deploy our WAF in KRP mode. So i was planning to create server group with several services since each of our services has its own certificate and we have lots of services.
1. Is there any limitation in creating server group?
2. How does server group works?
3. How many services we can create in a server group?
5. Is there any requirement for faster process?
5. If we created lots of services in a server group, can this hamper each others process?
6. Is there other way so lessen the services in a server group?
If you guys have article to read about Kernel Reverse Proxy that would be a great help.
Thank you
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Clydie Oliamot
------------------------------