Hi Syed
Hope you are doing well.
I want to know from your post in step 3:
- Could I setup the new MX (virtual) have difference IP as old MX ?
- After the import config successfully, manually re-register ImpGW to new MX (virtual) => Have any interrupt service when GW re-register to new VM ?
Note for my situation:
- We have hardware MX working well.
- But for some reason, we want to build the new MX (VM150) to backup with hardware MX or maybe switch all GW to new MX for management.
So just want verify again some confuse information above.
Hope you can help
Thanks
------------------------------
Khoa Anh Le
Security Engineer
M.Tech Holdings Pte Ltd
Ho Chi Minh
------------------------------
Original Message:
Sent: 08-18-2022 06:06
From: Syed Noor Fazal
Subject: Migrate Imperva WAF from old to new Imperva WAF
Hi Prashant,
To answer your question,
1)First make sure the firmware version is same on both the devices (old and new device)
2)Once you have dine with the FTL with the new device, you can go ahead and import the mx config.
3)Hhile Importing the MX export on the new device make sure the old device is not connected to the internet, or else you may have duplicate ip address issue.
Sharing the steps for exporting the MX config, in case if you dont have the login access to the docs.imperva.com,
- SSH to the MX.
- Run the following commands:
cd /opt/SecureSphere/server/bin
./full_expimp.sh
The following screen appears:
Select operation:
1. Export
2. Import
3. List schemas in an existing export file
operation:
- Type
1
and hit Enter. The following screen appears:Please enter system password:
- Type the SSH password of this MX and hit Enter. The following screen appears.
Please select export type:
1. Full export
2. Exclude alert data
export type [1]:
- Type
1
and hit Enter. The following screen appears:Would you like to export failed archives data? [y/n] (default is n)
- Type
n
and hit Enter. The following screen appears:Please enter password for dump file encryption (leave blank to use system's password):
- Type any desired password and hit Enter. Make a note of the password. It is required for the import stage. The following screen appears:
Please enter password for verification:
- Retype the password and hit Enter. The following screen appears:
Enter a file name for operation:
file name [/var/tmp/SecureSphere_2021xxxx_xxxx]:
- Type the name of the file and hit Enter. The following screen appears.
You are about to perform the following:
Export all schemas (SECURE, SECURE_DA and all ODM)
The dump file will be encrypted
Are you sure? [Y/N]
- Type
Y
and hit Enter. The following screen appears:full_expimp (version 13.1.0) started on Wed Feb 3 15:58:17 IST 2021
This may take a while, log file is written to /var/tmp/SecureSphere_2021xxxx_xxxxxx.log
Creating TAR file
Encrypting TAR file (if no password was specified, encryption will use system's password)
full_expimp completed successfully on Wed Feb 3 15:59:45 IST 2021
------------------------------
Syed Noor Fazal
Product Support Engineer
Original Message:
Sent: 12-08-2021 01:57
From: Prashant Alhat
Subject: Migrate Imperva WAF from old to new Imperva WAF
Hello All,
I have some questioned regarding Imperva WAF Migration POA. Can any one help me with proper POA for the same.
I have already running Imperva WAF in production. which is going to expire soon.
we have purchase new Imperva WAF for the same. What steps or procedures should we perform for migrate old imperva waf to new imeprva waf. below is the scenario .
1- Copy MX MGMT config to new MX MGMT and replace new imperva WAF with old Imperva WAF.
2- Fresh and manually configure new imperva WAF with help of old Imperva WAF configuration.
If any other way is available kindly suggest.
#CloudWAF(formerlyIncapsula)
------------------------------
Prashant Alhat
Technical Consultant
Mumbai
------------------------------