Thanks again and mark your answer as best answer so others can easily find related post.
Original Message:
Sent: 05-22-2023 06:38
From: Cezmi Cal
Subject: DAM Agent Interface not Reachable
Hi Mitesh,
I am happy to hear that the suggestion solved your case.
You may mark the Reply as Best Answer so others can easily find related post.
------------------------------
Cezmi Cal
technical support engineer
Barikat Internet Guvenligi Bilisim Ticaret A.S.
Ankara
Original Message:
Sent: 05-19-2023 03:09
From: Mitesh Mehta
Subject: DAM Agent Interface not Reachable
Hi Cezmi Cal,
Thank you for your detailed and valuable reply.
Just today I received confirmation from the one DB team that the communication issue was resolved after adding agent related routes to each GW.
------------------------------
Regards,
Mitesh Mehta
Senior Security Consultant
Mumbai
Original Message:
Sent: 05-11-2023 03:48
From: Cezmi Cal
Subject: DAM Agent Interface not Reachable
Hi Mitesh,
1. The first question's answer is yes. You can define as many as you want.
2. When you initiate the connection from the GW, your traffic is routed from your eth0 interface because of the default gateway configuration. On the other side, when the traffic is initiated from the DB server (agent) to the agent listener IP address, the first SYN packet reaches eth1 (agent listener IP), then your SYN-ACK packet returns over eth0 (when you have not defined any static route for this network as described in the previous post). This situation causes asymmetric traffic and the connection cannot be established. You need to route the return traffic over eth1. You should use this menu -> https://docs.imperva.com/bundle/v14.9-dam-administration-guide/page/7284.htm
3. You should use it because, as I understand from this guide, it is not different from other interface types. https://docs.imperva.com/bundle/v14.9-dam-administration-guide/page/7290.htm
------------------------------
Cezmi Cal
technical support engineer
Barikat Internet Guvenligi Bilisim Ticaret A.S.
Ankara
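Added example, not part of the original thread and not Imperva code: a small Python model of the asymmetric return path described in the reply above, and of how per-network agent back-routes fix it. All addresses, prefixes and function names are constructed for illustration; the model uses plain longest-prefix matching, while the real routes are set in the impcfg menu.

```python
import ipaddress

def route(prefix, iface, hop=None):
    """One routing-table entry: (network, egress interface, next hop or None if connected)."""
    return (ipaddress.ip_network(prefix), iface, hop)

def egress(routes, dst):
    """Longest-prefix match: return (interface, next_hop) used to send a packet to dst."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    _, iface, hop = max(matches, key=lambda r: r[0].prefixlen)
    return iface, hop

def audit(routes, agents, listener_iface="eth1"):
    """For each agent IP, report which interface the SYN-ACK would leave on.

    The agent's SYN arrives on listener_iface; the handshake only completes
    if the reply leaves on that same interface (symmetric path).
    """
    report = []
    for agent in agents:
        hit = egress(routes, agent)
        out_iface = hit[0] if hit else None
        report.append({"agent": agent, "reply_iface": out_iface,
                       "symmetric": out_iface == listener_iface})
    return report

# Constructed gateway table: eth0 = management (default gateway), eth1 = agent listener.
BASE = [
    route("0.0.0.0/0", "eth0", "192.0.2.1"),   # default route via management side
    route("192.0.2.0/24", "eth0"),             # connected management network
    route("198.51.100.0/24", "eth1"),          # connected listener network
]
# Constructed DB zones; one back-route per zone via a hypothetical eth1-side router.
DB_ZONES = ["10.10.1.0/24", "10.10.2.0/24"]
FIXED = BASE + [route(zone, "eth1", "198.51.100.1") for zone in DB_ZONES]

if __name__ == "__main__":
    agents = ["10.10.1.25", "10.10.2.40", "10.10.3.7"]  # last one has no back-route
    for label, table in (("before", BASE), ("after", FIXED)):
        for row in audit(table, agents):
            print(label, row)
```

An agent in a zone without a back-route (10.10.3.7 here) still shows `symmetric: False` after the change, which is why each DB zone needs its own entry on every gateway.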
Original Message:
Sent: 05-11-2023 03:26
From: Mitesh Mehta
Subject: DAM Agent Interface not Reachable
Hi Cezmi Cal,
Thanks for the answer.
But in your response I have 3 mentioned doubts:
1. In this agent route, can I define 5-6 DB Zone networks?
2. How does this method work in Imperva? Earlier, at this point, I tried to verify connectivity from the Imperva Gateway to the DB server. At this point, the IP address of the listener interface (eth1) uses the interface's default gateway IP (eth0) for outbound data from the gateway.
3. Can this back-route method be used on the LAN agent interface (eth1)? Because we have not defined another interface.
To clarify, this is a VM environment and we have defined two network interfaces. The interface (eth0) is used as the management interface and the interface (eth1) is the LAN interface on which we defined the agent listener.
------------------------------
Regards,
Mitesh Mehta
Senior Security Consultant
Mumbai
Original Message:
Sent: 05-10-2023 09:44
From: Cezmi Cal
Subject: DAM Agent Interface not Reachable
Hi Mitesh,
You need to define a back-route for the DB Server network where you installed the agent, under the "impcfg->gateway->agent listener" menu on the Gateways' CLI.
Could you try this and let us know the results please?
------------------------------
Cezmi Cal
technical support engineer
Barikat Internet Guvenligi Bilisim Ticaret A.S.
Ankara
Original Message:
Sent: 05-10-2023 05:18
From: Mitesh Mehta
Subject: DAM Agent Interface not Reachable
Hi Team,
We created a gateway cluster (2+1) using a dual network cluster topology. Using this topology, we defined two interfaces for each gateway. Interface (eth0) is used for cluster communication and interface (eth1) is used as a data interface between agents and gateways.
The interface (eth1) is a LAN interface and we have defined an agent listener on this interface.
After that, whenever we started the agent integration from the DB server to the gateway interface (eth1) it failed.
We also checked the firewall side, and they received the allowed logs from DB server to Gateway end.
As I said before, interface (eth1) is a LAN interface, so I have a question about interface (eth1). Can we use a LAN interface as an agent listener, or do I have to define a separate interface for the listener interface?
Please, someone help me to solve this problem.
Regards,
#DatabaseActivityMonitoring
------------------------------
Mitesh Mehta
Senior Security Consultant
Mumbai
------------------------------