Imperva Cyber Community

Running Virtual Appliance as Bridge Mode on ESX

  • 1.  Running Virtual Appliance as Bridge Mode on ESX

    Posted 16 days ago
    Hi everyone,

    If we want to deploy a virtual appliance in bridge mode on ESX, how should we configure virtual switches and port groups on ESX to pass traffic through the gateway without latency or other network issues?
    #DatabaseActivityMonitoring
    #On-PremisesWAF(formerlySecuresphere)
    #AllImperva

    ------------------------------
    cezmi çal
    technical expert
    Barikat Cyber Security
    ------------------------------


  • 2.  RE: Running Virtual Appliance as Bridge Mode on ESX

    Imperva Employee
    Posted 16 days ago
    Hi Cezmi,

    In general terms, you'd still use one interface for ingress (client side) and one interface for egress (server side) and simply use VLANs on your ESX vSwitches.

    In our labs this is what we do, with an ingress VLAN connected to the ingress interface on the VM and the egress VLAN connected to the egress interface. Managing the traffic from a VLAN perspective on your vSwitches then simply becomes a matter of standard software-defined networking, which the networking team should be able to do as a matter of course.

    As long as the traffic coming from your upstream device (firewall, edge router, etc.) is tagged correctly and the downstream device(s) are set to accept the correct egress VLAN tags, all should be good.

    ------------------------------
    Stefan Pynappels
    Escalation Engineer
    Imperva
    ------------------------------



  • 3.  RE: Running Virtual Appliance as Bridge Mode on ESX

    Posted 16 days ago
    Hi Stefan,

    Thanks for the general info about the issue. Actually, what I wonder is how I should configure distributed switch and port group security policies on ESX when VLAN tags are used on the network. For example, is the image below also valid for Imperva?

    http://techiezone.rottigni.net/wp-content/uploads/2008/11/schema-for-connecting-two-vswitch-with-sg-ips-in-esx.jpg


    ------------------------------
    cezmi çal
    technical expert
    Barikat Cyber Security
    ------------------------------



  • 4.  RE: Running Virtual Appliance as Bridge Mode on ESX

    Imperva Employee
    Posted 15 days ago
    Hi Cezmi,

    For more information, please review: https://docs.imperva.com/bundle/v13.5-vmware-installation-guide/page/57605.htm

    ------------------------------
    Jaired Anderson
    Senior Professional Services Consultant
    Imperva
    Tulsa OK
    ------------------------------



  • 5.  RE: Running Virtual Appliance as Bridge Mode on ESX

    Posted 8 days ago
    Hi Jaired,

    Thanks for the link. We deployed a v2500 gw running 13.5.0.20_0 as bridge-impha. We faced a slowness problem while accessing web servers behind the Imperva V2500. After disabling LRO on the bridge interfaces, we solved the slowness problem. However, if we enable TRP for web services, we encounter stability issues with SSL connections. I have tried many different SSL settings, but the problem was not solved. Finally, I had to disable TRP.

    Is there any known issue with TRP on the virtual gateway?


    ------------------------------
    cezmi çal
    technical expert
    Barikat Cyber Security
    ------------------------------