Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  agent cross connection to Gateway

    Posted 11-24-2023 01:58
    Edited by Charles Eapen 11-24-2023 02:13

    Is it possible to connect the agents in Datacenter DC to DR gateways also. Currently agents in DC are connected to Gateway servers in DC.
    Agents in DR are connected to Gateway servers id DR. Both DC and Dr have S2S VPN network connectivity.


    #DatabaseActivityMonitoring

    ------------------------------

    ------------------------------



  • 2.  RE: agent cross connection to Gateway

    Posted 11-26-2023 08:37

    Hi,

    During the agent registration, you have additional options to register the agent to the second gateway. But I read somewhere that this option will be unsupported or is no longer unsupported.

    The best way is to configure Cluster Gateway or Large Cluster Gateway depending on the performance of your SQL server.  You can decide/move the agents between the gateways. 



    ------------------------------
    Karol Gruszczynski
    IT Security Expert
    Trafford IT Sp. z o.o.
    Warsaw
    ------------------------------



  • 3.  RE: agent cross connection to Gateway

    Posted 11-28-2023 05:31

    can the cluster be done between GW servers in DC and DR. Both are in different IP subnets.



    ------------------------------
    Charles
    ------------------------------



  • 4.  RE: agent cross connection to Gateway

    Posted 11-29-2023 11:36

    Here you can find a Cluster Gateway manual: https://docs.imperva.com/bundle/v14.7-database-activity-monitoring-user-guide/page/6516.htm

    The best configuration is Dual Network Topology - Separate Agent.

    1. Gateway management interfaces should be in the same VLAN.
    2. The listeners' interface of gateways should be in a different VLAN than the management gateway interfaces.
    3. DB Servers can be in any different VLAN, but you must remember to add agent routing. 

    I suppose that GW's management interfaces could be in various VLANs, but I have never done a configuration like that.



    ------------------------------
    Karol Gruszczynski
    IT Security Expert
    Trafford IT Sp. z o.o.
    Warsaw
    ------------------------------