Imperva Cyber Community

  • 1.  Registering Gateways to MXHA VIP Fails

    Posted 09-19-2021 11:43

    We are doing the implementation for the DAM/DBF solution at MEWA – KSA. We have deployed the Imperva virtual appliances MX1 (10.156.100.115), MX2 (10.156.100.116), GW1 (10.156.100.117) and GW2 (10.156.100.118).

    After the FTL and initial configuration of the MX, we configured MX-HA. MX-HA was successfully set up (VIP 10.176.100.121) as per the documentation given in the administration guide; however, we are unable to register the gateways to the MXHA VIP.

    A brief summary of what we have done:

    Deployed 2 MX VM150 from the 14.5 OVF package.

    Deployed HA on VM150. The MXHA package was not available for 14.5, so, as suggested by Support, we used the 14.6 MXHA package.

    Created 2 GW V6500, did the initial FTL configuration, and encountered the issue below while registering to the management server MX150.

    Upon checking the logs with the impctl show log command, we found the error below.

    Error:

    impctl show log | grep FATAL

    impctl_legacy gateway register                     FATAL      [impctl/bin/gateway/register:555 _verify_compatible_mx_version_and_product_type] _verify_compatible_mx_version_and_product_type: No response from Management Server for the product query. Please contact support. (exit status: 100)

    impctl_legacy gateway register                     FATAL      [impctl/bin/gateway/register:693 register_gateway] Cannot connect to 10.156.100.121:8083 [HTTP: 450 APP: response code is 450. no elements eaec060e-9122-4f3e-b792-52f46f27e7e9 of type [Gateway] not found.] (exit status: 100)

    impctl_legacy --no-trace gateway register --encoded-password U2FsdGVkX19k057JznqD/UUwMSLuMLad7howIu0cnhc= FATAL      [impctl/bin/gateway/register:555 _verify_compatible_mx_version_and_product_type] _verify_compatible_mx_version_and_product_type: No response from Management Server for the product query. Please contact support. (exit status: 100)

    impctl_legacy --no-trace gateway register --encoded-password U2FsdGVkX19k057JznqD/UUwMSLuMLad7howIu0cnhc= FATAL      [impctl/bin/gateway/register:693 register_gateway] Cannot connect to 10.156.100.121:8083 [HTTP: 450 APP: response code is 450. no elements 50d016fd-cced-4014-b05b-0cf0e4f89acf of type [Gateway] not found.] (exit status: 100)

    impctl_legacy --no-trace gateway start --prepare   FATAL      [impctl/bin/gateway/start:134 main] Cannot register gateway (vendor: Imperva) (exit status: 7)

    impctl_legacy --no-trace service start gateway --prepare FATAL      [impctl/bin/service/start:217 main] Failed to start service "gateway". (exit status: 7)

    impctl_legacy --no-trace start --prepare           FATAL      [impctl/bin/start:81 start_gateway] Cannot start gateway (exit status: 7)

    impctl_legacy boot                                 FATAL      [impctl/bin/boot:169 main] Cannot start --prepare (exit status: 7)

    [root@Prod-Imperva-GW2 ~]# timed out waiting for input: auto-logout



    We are stuck with this issue and unable to move forward with the Implementation of DAM solution.
    Thanks in advance.

    Aleemuddin

     


    #DatabaseActivityMonitoring

    ------------------------------
    Aleemuddin Mohammed
    Oracle Database Administrator
    ------------------------------
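
Added example (not part of the original post and not Imperva code): a small triage helper for `impctl show log | grep FATAL` output in the layout quoted above. It collapses the repeated FATAL lines into distinct failure sites in order of first appearance, so the registration failure stands out from the start/boot failures that follow it, and it masks the value after `--encoded-password` before the log is shared. The sample input is constructed, with a documentation-range IP and a placeholder secret.

```python
import re
from collections import OrderedDict

# Layout taken from the lines in the post:
#   <command>  FATAL  [<script>:<line> <function>] <message> (exit status: <n>)
FATAL_RE = re.compile(
    r"^(?P<cmd>.+?)\s+FATAL\s+\[(?P<script>\S+):(?P<line>\d+) (?P<func>\w+)\]\s+"
    r"(?P<msg>.*?)\s*\(exit status: (?P<rc>\d+)\)\s*$"
)
SECRET_RE = re.compile(r"(--encoded-password)\s+\S+")

def redact(text):
    """Mask the value that follows --encoded-password before a log is shared."""
    return SECRET_RE.sub(r"\1 <redacted>", text)

def triage(log_text):
    """Return distinct FATAL sites in order of first appearance, with hit counts."""
    sites = OrderedDict()
    for raw in redact(log_text).splitlines():
        m = FATAL_RE.match(raw.strip())
        if not m:
            continue  # shell prompts, blank lines, non-FATAL entries
        key = (m["script"], int(m["line"]))
        site = sites.setdefault(key, {
            "command": m["cmd"], "script": m["script"], "line": int(m["line"]),
            "func": m["func"], "exit_status": int(m["rc"]),
            "message": m["msg"], "count": 0,
        })
        site["count"] += 1
    return list(sites.values())

# Constructed sample: same layout as the post, placeholder secret and IP.
SAMPLE = """\
impctl_legacy --no-trace gateway register --encoded-password PLACEHOLDERSECRET= FATAL      [impctl/bin/gateway/register:555 _verify_compatible_mx_version_and_product_type] _verify_compatible_mx_version_and_product_type: No response from Management Server for the product query. (exit status: 100)
impctl_legacy --no-trace gateway register --encoded-password PLACEHOLDERSECRET= FATAL      [impctl/bin/gateway/register:693 register_gateway] Cannot connect to 192.0.2.10:8083 [HTTP: 450 APP: response code is 450.] (exit status: 100)
impctl_legacy gateway register                     FATAL      [impctl/bin/gateway/register:555 _verify_compatible_mx_version_and_product_type] _verify_compatible_mx_version_and_product_type: No response from Management Server for the product query. (exit status: 100)
impctl_legacy --no-trace gateway start --prepare   FATAL      [impctl/bin/gateway/start:134 main] Cannot register gateway (vendor: Imperva) (exit status: 7)
impctl_legacy boot                                 FATAL      [impctl/bin/boot:169 main] Cannot start --prepare (exit status: 7)
[root@gw ~]# timed out waiting for input: auto-logout
"""

if __name__ == "__main__":
    for s in triage(SAMPLE):
        print(f'{s["count"]}x {s["script"]}:{s["line"]} {s["func"]} '
              f'rc={s["exit_status"]} {s["message"]}')
```
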


  • 2.  RE: Registering Gateways to MXHA VIP Fails

    Posted 09-20-2021 05:07
    Have you edited the bootstrap.xml file, admin-ips tag as mentioned here https://docs.imperva.com/bundle/v13.6-administration-guide/page/8601.htm ?

    ------------------------------
    George Gkiouzelis
    System & Network Security Engineer
    Nicosia
    ------------------------------



  • 3.  RE: Registering Gateways to MXHA VIP Fails

    Posted 09-20-2021 05:14
    Hi George 

    Thanks for your response. Yes, we did add the MX1 and MX2 entries in the bootstrap.xml file.

    Regards
    Aleem

    ------------------------------
    Aleemuddin Mohammed
    Oracle Database Administrator
    ------------------------------



  • 4.  RE: Registering Gateways to MXHA VIP Fails

    Posted 09-21-2021 06:31
    Hi,

    1. Did you install the Oracle Data Guard files downloaded from IMPERVA FTP?
    2. Did you configure the heartbeat on eth1? (eth0 is management)
    3. Did you trust the gateways between each other?


    impctl hardening config --root-source-ip-exception=<vip>

    impctl hardening config --root-source-ip-exception=<other_MX private interconnect>

    impctl hardening config --root-source-ip-exception=<other_MX physical>

    4. Did you exchange ssh certificates between gateways for users: root, oracle?


    I know that should be done by the wizard, but sometimes it doesn't work by default....

    ------------------------------
    Karol Gruszczynski
    IT SECURITY EXPERT
    Trafford IT
    Warsaw
    ------------------------------



  • 5.  RE: Registering Gateways to MXHA VIP Fails

    Posted 09-21-2021 06:35
    And one more crucial thing.

    The MX has to be in the same version as the gateway, or the gateway can be in a higher (newer) version than the MX. Never the other way around.

    ------------------------------
    Karol Gruszczynski
    IT SECURITY EXPERT
    Trafford IT
    Warsaw
    ------------------------------



  • 6.  RE: Registering Gateways to MXHA VIP Fails

    Posted 09-22-2021 07:47
    Hi Karol

    Thanks for your response.

    Yes, we have done all that you mentioned in the previous email. The issue we figured out was that MXHA for 14.6 is not compatible with the 14.5 version of MX and GW, so we upgraded MX and GW to 14.6 and then configured MXHA 14.6, and it worked fine. I was told by support that MXHA 14.4 or 14.6 will work on 14.5 MX and GW, which it does not.

    Regards

    ------------------------------
    Aleemuddin Mohammed
    Oracle Database Administrator
    ------------------------------