Problem resolved by enabling the Activate Settings.
Original Message:
Sent: 11-11-2020 21:34
From: Louis WAF
Subject: Does it have impact on traffic flow during a WAF patch installation/software upgrade?
Hi Stefan, and Anderson,
Thank you very much for your prompt reply.
We target to upgrade to at least v13 which will fix several vulnerabilities detected by Nessus.
As far as I understand your advice, generally speaking:
There shall be no service impact while running the patch, as in the following example:
>>> "Run the patch by typing ./[patch filename]
For example: ./SecureSphereV11.5-x86_64-Patch1_0.x"
A graceful reboot would inevitably cause traffic to be temporarily interrupted "because the OS has to process the orderly shutdown of the kernel processes and the network interfaces. It then has to bring up the network interfaces, auto-negotiate speed and duplex".
>>>"Reboot the machine only after receiving the message that the patch has been successfully installed."
To minimise potential impact, I have to configure the GW to fail-open the bridge connection because "If the gateway is in fail-open mode (bypass mode), during upgrade, traffic will be down only for up to 10 seconds while the gateway is being rebooted once time at the end of the upgrade."
I observe that we are working in IMPVHA Bridge mode, as shown in Main>Setup>Gateways>Filter>By Mode:
STP Bridge
Gateway
No data found
IMPVHA Bridge
Gateway   Status   Active  ..  ..  Model  Appliance Type
ERBWAF01  Running  Yes     ..  ..  X2010  Physical
Sniffing
Gateway
No data found
Reverse Proxy (Apache)
Gateway
No data found
Reverse Proxy Kernel
Gateway
No data found
With reference to the Admin Guide, under the Gateway Groups section, I tried in vain to configure the GW to fail-open the bridge connection because there is no option for me to select a fail mode as the attachment shows. Could you advise too? Thanks again.
------------------------------
Louis WAF
Original Message:
Sent: 11-11-2020 03:45
From: Louis WAF
Subject: Does it have impact on traffic flow during a WAF patch installation/software upgrade?
We are running Imperva WAF X2010 which is one physical appliance, and I have been tasked with installing patches on our Imperva WAF X2010.
I have been told that if the Imperva WAF is running in some modes, there will be no impact on traffic flow during a patch installation/software upgrade. Is that true? And what modes/settings would allow this to happen?
How about the impact on traffic flow in case of a reboot? Or even when the WAF is powered off?
One more question: the WAF's Software Update screen shows as follows. Does it mean I need to install patches twice, one for MX and another for Gateway, though they are in one physical appliance?
Component type: MX
Currently installed: v11.5.0.30
Target version: v11.5.0.95 (SecureSphereV11.5.0-x86_64-Patch95_0.x)
Component type: Gateway
Currently installed: v11.5.0.30
Target version: v11.5.0.95 (SecureSphereV11.5.0-x86_64-Patch95_0.x)
Any advice would be appreciated.
------------------------------
Louis WAF
------------------------------