Here is my configuration:
[root@MX-01 mxha]# impctl server ha installEnter the directory for temporary data [/var/tmp/secsph-ha]: Enter the keep alive IP address or hostname (pingable server): 172.25.92.1 (Mgmt Gateway IP)Enter the secondary server public IP address: 172.25.92.102Enter the virtual server IP address: 172.25.93.100 Enter the heartbeat interface name [eth0 eth1 eth2 eth3]: eth1Enter the public interface name [eth0 eth1 eth2 eth3]: eth0
Both Imperva management interfaces need to be in the same L-2 segment. If you want to spread it between sites you need to have a VPN/L2 VLAN. Since only one MX will be active, all your gateways (both sites) will report to the same MX - the one with virtual IP. It is simpler to have both MXs in the same location, usually the one closer to more gateways. You will need to cross the WAN link in any case. On your diagram, if a link between sites gets disconnected - both MXs will become the primary one. If you must have MX on each site, leave it a stand-alone Imperva and manage both. Another option is to use two VM MX and use the snapshot at fixed intervals to restore it in case of failure.
Thank you for your response.
Maybe you have some MX-HA topology example?