Hi,
I suspect one of three issues. If the certificate is valid.
1. You did the wrong implementation VRRP cluster.
You should configure (for instance) ETH2 on both gateway IP addresses for VRRP communication. 172.31.5.x and 172.31.5.y.
After that, you should add the IP address on the same interface (ETH2) as VIP for the web server.- 172.31.5.66. Please remember about the alias. There you configure the interface inbound and outbound for the VIP. If you do both on the same ETH, then you have "proxy on the stick".
And WAF should work well.
and two the most probability:
2. The problem is with the TLS version supported by the web server. Check TLS version without WAF. for instance: Add "IndicateTLS" to the FireFox browser and check the TLS version. If your webserver is supported the older version TLS1.1 or TLS1.0 then you can be sure that IMPERVA cannot connect to the server.
3. Check the time on the webserver, client's computer, and WAF. A difference of more than a few minutes causes incompatibility in the TLS protocol.
------------------------------
Karol Gruszczyński
IT Security Expert
Trafford IT
Warsaw
------------------------------
Original Message:
Sent: 07-16-2022 17:20
From: Soporte I2Ss
Subject: ERR_EMPTY_RESPONSE
Hi team We have a two WAF in HA configuration in reverse proxy and one web application doesn't work. This is the issue.
We took a capture and we saw this problem in the SSL handshake
173.31.5.42 is the web server
and 172.31.5.66 is the virtual IP (VRRP)
The certificate is fine.
What can we do?
We have other web applications with the same topology and configuration, and they work.
Thank you.
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Soporte I2Ss
Engineer Support
Bogota
------------------------------