Imperva Cyber Community

  • 1.  Client can't connect TRP site via tunnel with default MTU 1500.

    Posted 07-07-2023 03:13
    Edited by tuan nguyen 07-07-2023 03:29

    Hi all,

    I have an issue with SecureSphere Gateway with our branches. They can't access the TRP site (transparent reverse proxy) with the default MTU. Our branches connect to the data center via an SSL tunnel.

    We have 2 solutions:

    • Turn off TRP, so the GW won't process HTTPS traffic.
    • Reduce the MTU on the branch router or on Windows, for example to 1412.

    Does anyone know what is different between the TRP and non-TRP MTU? I think the packet after TRP has an MTU bigger than 1500, and other devices like the load balancer do not support it.

    PS: my GW uses the default MTU = 1500

    Thank you.


    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    tuan nguyen
    head of product development - fico
    Tien Phong Commercial Joint Stock Bank
    HA NOI
    ------------------------------



  • 2.  RE: Client can't connect TRP site via tunnel with default MTU 1500.

    Posted 07-10-2023 09:46

    Hi,

    Maybe you should increase the MTU on the GTWs.

    Try this:

    https://docs.imperva.com/bundle/z-kb-articles-km/page/9b0ff549.html



    ------------------------------
    Karol Gruszczynski
    IT Security Expert
    Trafford IT Sp. z o.o.
    Warsaw
    ------------------------------



  • 3.  RE: Client can't connect TRP site via tunnel with default MTU 1500.

    Posted 07-10-2023 21:16

    Hi,

    I already thought about it, but I don't think it will solve the problem. The clients can access non-TRP sites normally (also SSL traffic), so I think there is no problem between the GW and the client. It is just that after the GW unpacks the packet/connection, maybe it changed something that makes the MTU higher than 1500, and the load balancer/backend doesn't support that MTU.

    Thanks,



    ------------------------------
    tuan nguyen
    head of product development - fico
    Tien Phong Commercial Joint Stock Bank
    HA NOI
    ------------------------------



  • 4.  RE: Client can't connect TRP site via tunnel with default MTU 1500.

    Posted 08-28-2023 09:56

    Hi @tuan nguyen,

    Did you resolve your problem?



    ------------------------------
    Thomas Dao
    Products Consultant
    M.Tech Products Pte Ltd
    Ha Noi
    ------------------------------



  • 5.  RE: Client can't connect TRP site via tunnel with default MTU 1500.

    Posted 08-28-2023 23:37

    Hi,

    Thanks for your attention. We haven't found the root cause yet.



    ------------------------------
    tuan nguyen
    head of product development - fico
    Tien Phong Commercial Joint Stock Bank
    HA NOI
    ------------------------------