Imperva Cyber Community

  • 1.  Migrate Imperva WAF from old to new Imperva WAF

    Posted 12-08-2021 03:24
    Hello All,

    I have some questions regarding the Imperva WAF migration POA. Can anyone help me with a proper POA for the same?

    I already have an Imperva WAF running in production, which is going to expire soon.
    We have purchased a new Imperva WAF for the same. What steps or procedures should we perform to migrate the old Imperva WAF to the new Imperva WAF? Below is the scenario.

    1- Copy MX MGMT config to new MX MGMT and replace new Imperva WAF with old Imperva WAF.
    2- Fresh and manually configure new Imperva WAF with the help of the old Imperva WAF configuration.

    If any other way is available, kindly suggest.
    #CloudWAF(formerlyIncapsula)

    ------------------------------
    Prashant Alhat
    Technical Consultant
    Mumbai
    ------------------------------


  • 2.  RE: Migrate Imperva WAF from old to new Imperva WAF

    Posted 12-09-2021 15:07
    Hi,

    You have two ways.
    First - you can do everything from scratch. But if you want to keep the current configuration, you should migrate the WAF, and that is the second option.
    So if you bought the new MX and you want to keep the existing configuration, you have to have the same IMPERVA version on both MXs.
    Next, on the old one, you have to do "a full export system" ( https://docs.imperva.com/howto/75769035 https://docs.imperva.com/howto/d86af6cc ) and recover it on the new one.
    When the MX is working well, you can connect the new gateways to the new MX. Please remember that the IMPERVA version has to be the same on all gateways - new and old ones.
    Next, you have to use the replacement mode in the gateway wizard. You HAVE TO USE the same name, IP, and the rest of the settings from old to new. https://docs.imperva.com/bundle/v14.3-administration-guide/page/7234.htm

    What should you choose?
    It depends on you. If your web profiles are big, old, and cluttered, you can do everything from scratch.
    But if you have the perfect existing configuration, then migrate the WAF.

    Good luck!
    KAROL

    ------------------------------
    Karol Gruszczynski
    IT SECURITY EXPERT
    Trafford IT
    Warsaw
    ------------------------------



  • 3.  RE: Migrate Imperva WAF from old to new Imperva WAF

    Posted 08-18-2022 06:07

    Hi Prashant,

    To answer your question,

    1) First, make sure the firmware version is the same on both devices (old and new device).
    2) Once you are done with the FTL on the new device, you can go ahead and import the MX config.
    3) While importing the MX export on the new device, make sure the old device is not connected to the internet, or else you may have a duplicate IP address issue.

    Sharing the steps for exporting the MX config, in case you don't have login access to docs.imperva.com:

    1. SSH to the MX.
    2. Run the following commands:

      cd /opt/SecureSphere/server/bin

      ./full_expimp.sh

      The following screen appears:

      Select operation:

      1. Export

      2. Import

      3. List schemas in an existing export file

      operation:

    3. Type 1 and hit Enter. The following screen appears:

      Please enter system password:

    4. Type the SSH password of this MX and hit Enter. The following screen appears.

      Please select export type:

      1. Full export

      2. Exclude alert data

      export type [1]:

    5. Type 1 and hit Enter. The following screen appears:

      Would you like to export failed archives data? [y/n] (default is n)

    6. Type n and hit Enter. The following screen appears:

      Please enter password for dump file encryption (leave blank to use system's password):

    7. Type any desired password and hit Enter. Make a note of the password. It is required for the import stage. The following screen appears:

      Please enter password for verification:

    8. Retype the password and hit Enter. The following screen appears:

      Enter a file name for operation:

      file name [/var/tmp/SecureSphere_2021xxxx_xxxx]:

    9. Type the name of the file and hit Enter. The following screen appears.

      You are about to perform the following:

      Export all schemas (SECURE, SECURE_DA and all ODM)

      The dump file will be encrypted

      Are you sure? [Y/N]

    10. Type Y and hit Enter. The following screen appears:

      full_expimp (version 13.1.0) started on Wed Feb 3 15:58:17 IST 2021

      This may take a while, log file is written to /var/tmp/SecureSphere_2021xxxx_xxxxxx.log

      Creating TAR file

      Encrypting TAR file (if no password was specified, encryption will use system's password)

      full_expimp completed successfully on Wed Feb 3 15:59:45 IST 2021



    ------------------------------
    Syed Noor Fazal
    Product Support Engineer
    ------------------------------
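
A pre-import check for the procedure in this thread, as an added example that is not from any poster or from Imperva: it reads a saved copy of the full_expimp console output, confirms the run was encrypted and completed, and compares the banner version with the version the operator states for the new MX, since both replies require matching versions. The function names, the saved-transcript file and the target-version argument are assumptions; the sample transcript is constructed from the output lines quoted in post 3.

```bash
#!/usr/bin/env bash
# Added example; function names and the saved transcript file are assumptions.

# Constructed sample: the console output lines quoted in the post above.
sample_transcript() {
cat <<'EOF'
full_expimp (version 13.1.0) started on Wed Feb 3 15:58:17 IST 2021
This may take a while, log file is written to /var/tmp/SecureSphere_2021xxxx_xxxxxx.log
Creating TAR file
Encrypting TAR file (if no password was specified, encryption will use system's password)
full_expimp completed successfully on Wed Feb 3 15:59:45 IST 2021
EOF
}

# Print the version from the "started on" banner; non-zero status if absent.
expimp_version() {
  sed -n 's/^[[:space:]]*full_expimp (version \([0-9][0-9.]*\)) started on .*/\1/p' "$1" |
    head -n 1 | grep .
}

# Succeed only if the transcript shows encryption and a successful finish.
expimp_ok() {
  grep -q '^[[:space:]]*Encrypting TAR file' "$1" &&
    grep -q '^[[:space:]]*full_expimp completed successfully on ' "$1"
}

# usage: preimport_check TRANSCRIPT TARGET_VERSION [DUMP_FILE]
# TARGET_VERSION is the version the operator reads off the new MX.
preimport_check() {
  local log="$1" target="$2" dump="${3:-}" ver
  expimp_ok "$log" || { echo "FAIL: export did not complete"; return 1; }
  ver=$(expimp_version "$log") || { echo "FAIL: no version banner"; return 1; }
  [ "$ver" = "$target" ] || { echo "FAIL: export $ver, new MX $target"; return 1; }
  # Digest of the dump, to compare with the copy on the new MX after transfer.
  if [ -n "$dump" ]; then sha256sum "$dump" || return 1; fi
  echo "OK: version $ver matches"
}

# With no arguments, run on the constructed sample; otherwise on real files.
if [ "$#" -eq 0 ]; then
  tmp=$(mktemp); sample_transcript > "$tmp"
  preimport_check "$tmp" 13.1.0; rm -f "$tmp"
else
  preimport_check "$@"
fi
```

Passing the dump file as the third argument also prints its SHA-256, which can be recomputed on the new MX after the copy to confirm the file arrived intact.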