Imperva Cyber Community

communities_1.jpg
 View Only

  • 1.  Can the agent cause the rising of network traffic?

    Posted 10-27-2022 00:30
    Edited by Sarah Lamont 10-28-2022 02:44
    Hi,

    Can the Imperva agent cause the rising of network utilization?

    The Operation Mode is in Simulation on the Server Group and the agents are Running with Blocking-Inline Mode. When the production starts, our client notice a very slow response from the application. Also, they have a monitoring tool that detects the behaviour of the DB servers, which they can see that the network utilization is increasing on that specific server, but the CPU and RAM remains minimal. There is also no alerts that can be seen in the Monitor -> Alerts of Imperva. So, we decided to Disable the Operation Mode (Server Group) to isolate but still the issue remains the same. The client decided to disable the agent from the affected server by stopping, so now the agents are disconnected from the MX and Gateway as we can see in the Setup -> Agents. Upon testing, the application works normally.

    Is there anyone that have the same experience or any idea why the agent has an effect on the network even if the Server Group is Disabled?
    #ImpervaAgent

    ------------------------------
    Oliver Naabay
    Customer Engineer
    Automated Technologies Incorporated
    Makati City
    ------------------------------


  • 2.  RE: Can the agent cause the rising of network traffic?
    Best Answer

    Posted 10-27-2022 15:21
    Hi Oliver,

    Nice to meet you, maybe as a help you can review "hades" as an effect of Troubleshooting

    /proc/hades/status

    • Provides insight into general traffic processing variables
    • Used to perform equipment sizing during a PoC

    [root@ss90 hades]# cat status
      Global:
      3516 Kbps (max 371140 Kbps)                               <= TOTAL DEL TRÁFICO QUE PASA
      3444 Kbps Application (max 7984 Kbps)               <= TRÁFICO QUE REALMENTE ANALIZA
      0 Kbps FAM (max 14468 Kbps)
      1 connection/sec (max 31 connection/sec)
      0 overload connection/sec (max 0 connection/sec)
      0 HTTP hits/sec (max 20 hits/sec)
      0 WFD successful hits/sec (max 0 hits/sec)
      342 SQL hits/sec (max 1232 hits/sec)                     <= TPS por segundo de bases de datos
      0 Cifs hits/sec (max 127 hits/sec)
      0 Cifs aggregated hits/sec (max 7 hits/sec)
      0 Sharepoint hits/sec (max 7 hits/sec)
      0 Sharepoint aggregated hits/sec (max 1 hits/sec)

    I hope to be helpful.

    Warm regards!

    ------------------------------
    Luis Elola
    CyberSecurity EngineerChile
    ------------------------------



  • 3.  RE: Can the agent cause the rising of network traffic?

    Posted 10-27-2022 20:00
    Hi @Luis Elola,

    Nice to meet you and thank you for your recommendation.

    We'll try to check on this during testing possibly next week and give this thread an update.


    Hi Sir @Marvin Tablizo,

    Let's try to check this.
    ​​​

    ------------------------------
    Oliver Naabay
    Customer Engineer
    Automated Technologies Incorporated
    Makati City
    ------------------------------

    Original Message


  • 4.  RE: Can the agent cause the rising of network traffic?

    Posted 10-27-2022 20:02
    Hi @Luis Elola,

    I forgot to ask, where should check this? On the affected DB server or on gateway?


    ------------------------------
    Oliver Naabay
    Customer Engineer
    Automated Technologies Incorporated
    Makati City
    ------------------------------

    Original Message


  • 5.  RE: Can the agent cause the rising of network traffic?

    Posted 10-27-2022 21:52
    My apologies forgot to mention that;

    /proc/hades

    provides access to fundamental values and data for debugging the most common gateway problems ;)

    ------------------------------
    Luis Elola
    CyberSecurity EngineerChile
    ------------------------------

    Original Message


  • 6.  RE: Can the agent cause the rising of network traffic?

    Posted 10-27-2022 22:01
    Hi @Luis Elola,

    This is noted. We'll check on this.

    thank you.
    ​​

    ------------------------------
    Oliver Naabay
    Customer Engineer
    Automated Technologies Incorporated
    Makati City
    ------------------------------

    Original Message


  • 7.  RE: Can the agent cause the rising of network traffic?

    Posted 11-16-2022 03:41
    Hi Oliver ,

    When the agent is running in blocked online mode,
    all database traffic will be sent through the agent to the gateway for inspection and then sent back to the database,
    so there will be a lot of network traffic.

    When the agent is running in blocked online mode,
    disable the Operation Mode (Server Group) will only stop the policy check,
    but the agent will be sent to the gateway and then back to the database.

    ------------------------------
    Henry Zhu
    Technical Engineer
    CipherTech Co., Ltd
    Taipei
    ------------------------------

    Original Message