Imperva Cyber Community

  • 1.  Advanced Bridge Mode bug workaround

    Posted 08-06-2021 07:29
    Hello Imperva specialists,

    I'm deploying an on-prem WAF in ABR mode (the newly released one - 14.3).

    Its main advantage is that it can work with the more advanced DHE ciphers, which it does brilliantly.

    However, on each reboot it fails to start, reporting: registered, not-running

    The error I get when I try to start it is:

    [root@GWWAF ~]# impctl gateway start --prepare

    GW Advanced Bridge mode supports Transparent Reverse Proxy rules only. Any legacy ports should be converted to TRP rules prior to mode change. For more information please contact support

    Cannot start gateway (exit status: 7)

    I am able to get it up and running by unregistering the GW, registering it again, and finally starting it with the --prepare argument:

    impctl gateway unregister

    impctl gateway register

    impctl gateway start --prepare 

    Doing this manually is one thing; automating the task so it executes after each boot is another.

    I've encountered an error when creating a custom service which executes a bash script with the above commands:
    Linux doesn't recognize impctl as a legitimate command, and won't let it run as such.

    Any alternative way of fixing this issue?


    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Jovan Marinković
    Cyber-Security Engineer
    Mantasystem
    Belgrade
    ------------------------------


  • 2.  RE: Advanced Bridge Mode bug workaround

    Posted 08-08-2021 07:41
    Hi Jovan,

    In order to switch to ABR mode you first need to remove any of the TLS and HTTP ports configured on the service level.
    I suggest you revert back to TRP mode, remove the ports, add all the ports you desire to protect as TRP rules, then move back to ABR.
    Please note that when using ABR mode, all ports that you wish to protect must be configured under TRP rules.

    ------------------------------
    Michael Sorin
    Software Engineer
    Tel Aviv CA
    ------------------------------



  • 3.  RE: Advanced Bridge Mode bug workaround

    Posted 08-13-2021 09:47
    Hi Michael,

    Thanks for the clarification.
    I performed those steps in that exact order and the issues are gone.

    This should be explained more clearly in the user interface and documentation, imho.

    ------------------------------
    Jovan Marinković
    Cyber-Security Engineer
    Mantasystem
    Belgrade
    ------------------------------