Imperva Cyber Community

  • 1.  HSM and SSL accelerator card Relation

    Posted 08-03-2021 10:56
    We are using an SSL accelerator card.
    My question is: in order to perform SSL offloading by the SSL card, do we need to enable HSM when we upload the certificate on the WAF?
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Nishanth M
    Allianz Technology.
    ------------------------------


  • 2.  RE: HSM and SSL accelerator card Relation

    Posted 08-05-2021 08:09
    Hi Nishanth,

    Thanks for posting. 

    This link on our Imperva Documentation Portal may help answer your question. Here is the main content...

    "On-Premises (SecureSphere) gateway supports Hardware Security Module (HSMs) cards and SSL Accelerator cards.

    The description below can help you to choose which card to use:

    • When the On-Premises (SecureSphere) gateway is already installed with an HSM card, you will not need an SSL accelerator card, as the HSM card also includes an SSL acceleration function.
    • When the On-Premises (SecureSphere) gateway is configured in a non-active mode (sniffing or transparent bridge), it does not participate in SSL termination; if FIPS compliance is not required for the traffic and only an SSL Accelerator card is installed, then HSM is optional.
    • When the On-Premises (SecureSphere) gateway is configured in reverse proxy mode (KRP or TRP), it participates in SSL termination, hence HSM is required for FIPS compliance; you will need both an SSL accelerator card and an HSM card.
    • For On-Premises (SecureSphere) to be FULLY compliant with FIPS, an HSM card is required regardless of the mode of the gateway."

    Let me know if you require further information.

    Thanks,

    ------------------------------
    Sarah Lamont
    Digital Community Manager
    ------------------------------