Imperva Cyber Community

  • 1.  Can the agent cause the rising of network traffic?

    Posted 10-27-2022 00:30
    Edited by Sarah Lamont 10-28-2022 02:44
    Hi,

    Can the Imperva agent cause the rising of network utilization?

    The Operation Mode is in Simulation on the Server Group and the agents are running in Blocking-Inline Mode. When production starts, our client notices a very slow response from the application. Also, they have a monitoring tool that detects the behaviour of the DB servers, in which they can see that the network utilization is increasing on that specific server, but the CPU and RAM remain minimal. There are also no alerts that can be seen in the Monitor -> Alerts of Imperva. So, we decided to Disable the Operation Mode (Server Group) to isolate, but the issue still remains the same. The client decided to disable the agent on the affected server by stopping it, so now the agents are disconnected from the MX and Gateway, as we can see in the Setup -> Agents. Upon testing, the application works normally.

    Is there anyone that has had the same experience, or any idea why the agent has an effect on the network even if the Server Group is Disabled?
    #ImpervaAgent

    ------------------------------
    Oliver Naabay
    Customer Engineer
    Automated Technologies Incorporated
    Makati City
    ------------------------------


  • 2.  RE: Can the agent cause the rising of network traffic?
    Best Answer

    Posted 10-27-2022 15:21
    Hi Oliver,

    Nice to meet you, maybe as a help you can review "hades" as an effect of Troubleshooting

    /proc/hades/status

    • Provides insight into general traffic processing variables
    • Used to perform equipment sizing during a PoC

    [root@ss90 hades]# cat status
      Global:
      3516 Kbps (max 371140 Kbps)                               <= total traffic passing through
      3444 Kbps Application (max 7984 Kbps)               <= traffic actually analyzed
      0 Kbps FAM (max 14468 Kbps)
      1 connection/sec (max 31 connection/sec)
      0 overload connection/sec (max 0 connection/sec)
      0 HTTP hits/sec (max 20 hits/sec)
      0 WFD successful hits/sec (max 0 hits/sec)
      342 SQL hits/sec (max 1232 hits/sec)                     <= database transactions per second (TPS)
      0 Cifs hits/sec (max 127 hits/sec)
      0 Cifs aggregated hits/sec (max 7 hits/sec)
      0 Sharepoint hits/sec (max 7 hits/sec)
      0 Sharepoint aggregated hits/sec (max 1 hits/sec)

    I hope to be helpful.

    Warm regards!

    ------------------------------
    Luis Elola
    CyberSecurity Engineer
    Chile
    ------------------------------
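
Added example, not part of the original posts and not Imperva tooling: a small Python parser for the counter lines in the status output quoted above, reporting how much of the total traffic is analyzed and which counters sit close to their printed max. It assumes every counter line has the `<current> <label> (max <value> <unit>)` shape shown in that post and that labels are not repeated; the function names and the 0.4 threshold are illustrative.

```python
import re
from pathlib import Path

# Constructed sample in the layout of the status output quoted above.
SAMPLE = """\
  Global:
  3516 Kbps (max 371140 Kbps)
  3444 Kbps Application (max 7984 Kbps)
  0 Kbps FAM (max 14468 Kbps)
  1 connection/sec (max 31 connection/sec)
  0 overload connection/sec (max 0 connection/sec)
  342 SQL hits/sec (max 1232 hits/sec)
"""

# "<current> <label> (max <value> <unit>)"; trailing notes are ignored.
COUNTER = re.compile(r"^\s*(\d+)\s+(.+?)\s+\(max\s+(\d+)\b[^)]*\)")

def parse_status(text):
    """Map each counter label to (current, max) as integers."""
    counters = {}
    for line in text.splitlines():
        m = COUNTER.match(line)
        if m:  # section headers such as "Global:" do not match
            counters[m.group(2)] = (int(m.group(1)), int(m.group(3)))
    return counters

def analyzed_share(counters):
    """Fraction of total Kbps that is reported as Application traffic."""
    total, _ = counters["Kbps"]
    app, _ = counters["Kbps Application"]
    return app / total if total else 0.0

def near_max(counters, threshold=0.4):
    """Labels whose current value is at least `threshold` of their max."""
    return [label for label, (cur, peak) in counters.items()
            if peak > 0 and cur / peak >= threshold]

if __name__ == "__main__":
    path = Path("/proc/hades/status")  # path named in the post above
    text = path.read_text() if path.exists() else SAMPLE
    counters = parse_status(text)
    for label, (cur, peak) in counters.items():
        print(f"{label:28} {cur:>8} / {peak}")
    print(f"analyzed share: {analyzed_share(counters):.1%}")
    print("near max:", near_max(counters))
```
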



  • 3.  RE: Can the agent cause the rising of network traffic?

    Posted 10-27-2022 20:00
    Hi @Luis Elola,

    Nice to meet you and thank you for your recommendation.

    We'll try to check on this during testing possibly next week and give this thread an update.


    Hi Sir @Marvin Tablizo,

    Let's try to check this.

    ------------------------------
    Oliver Naabay
    Customer Engineer
    Automated Technologies Incorporated
    Makati City
    ------------------------------



  • 4.  RE: Can the agent cause the rising of network traffic?

    Posted 10-27-2022 20:02
    Hi @Luis Elola,

    I forgot to ask, where should I check this? On the affected DB server or on the gateway?


    ------------------------------
    Oliver Naabay
    Customer Engineer
    Automated Technologies Incorporated
    Makati City
    ------------------------------



  • 5.  RE: Can the agent cause the rising of network traffic?

    Posted 10-27-2022 21:52
    My apologies, I forgot to mention that:

    /proc/hades

    provides access to fundamental values and data for debugging the most common gateway problems ;)

    ------------------------------
    Luis Elola
    CyberSecurity Engineer
    Chile
    ------------------------------



  • 6.  RE: Can the agent cause the rising of network traffic?

    Posted 10-27-2022 22:01
    Hi @Luis Elola,

    This is noted. We'll check on this.

    Thank you.

    ------------------------------
    Oliver Naabay
    Customer Engineer
    Automated Technologies Incorporated
    Makati City
    ------------------------------



  • 7.  RE: Can the agent cause the rising of network traffic?

    Posted 11-16-2022 03:41
    Hi Oliver,

    When the agent is running in blocked online mode,
    all database traffic will be sent through the agent to the gateway for inspection and then sent back to the database,
    so there will be a lot of network traffic.

    When the agent is running in blocked online mode,
    disabling the Operation Mode (Server Group) will only stop the policy check,
    but the agent will be sent to the gateway and then back to the database.

    ------------------------------
    Henry Zhu
    Technical Engineer
    CipherTech Co., Ltd
    Taipei
    ------------------------------