WAF Gateway (previously SecureSphere) 2020 Roadmap Q&A

|Q. If you upgrade from version 13 to 14, do you have to switch models or is KRP ported to NGRP?

|A. If you upgrade from version 13.6 or 13 into version 14.1, and you were on KRP, you will be moved to NGRP. You'll see gen 2 sign next to that and you will be on NGRP. You won't be able to use KRP anymore. You'll get the ability to use all the advanced ciphers I was talking about.

|Q. What about the performance degradation, especially with SSL/TLS, with NGRP compared to KRP in version 14.1?
|A. We do have some performance degradation moving from KRP to NGRP. The reason is because we moved from kernel to the user space. It takes more CPU, but this is a user space CPU and not a kernel CPU. Basically, there shouldn't be issues. However, specific to appliances 6510 and 8510, there is some degradation. However, in version 14.2, which is coming out in a week or so, we have improved that performance and with 8510, there is no issue anymore.

We can go on and upgrade and you won't have any issues. With 6510, we need to check and you might need another machine if you have a very high throughput. We're also working to eliminate that issue so in the future, you can upgrade even with 6510 with no worries and no performance degradation.

|Q. Can I access the WAF Gateway rules from Attack Analytics?
|A. Today you cannot do that. You can access them only from WAF Gateway, but all that kind of integration from Attack Analytics into WAF Gateway is something we're certainly looking at how to improve in the future.

|Q. If using 14.3 do you have to use large scale MX, or can you still use traditional MX for those without a SIEM?

|A. Of course, you can still use the traditional MX. The large scale MX is aimed at customers that want to use it and that have a huge number of gateways in the cloud, or on premise. Regardless, if the gateways are running on VMs or appliances, it supports all of them. You will need to specify that you want to move from a regular MX to a large scale. This is not an automatic process. The process of moving, you'll have a check box and you will have to say, "I want to move to large scale MX." That MX, if it's an existing one, will be converted to a large scale. If it's a new one, it will be a new large scale MX. In version 14.3, we won't have the automatic conversion of all the policies to consolidate the different MXs into one, but in the future, we're planning also to help with that and supply you with a migration to your policy so you can consolidate the MXs into a single one much easier. It's not an automatic process. The regular MX, of course, will still exist. It's only for customers that have these huge environments and would like to have such an MX to support all these gateways.

|Q. Related to performance, how do you gather the info? Some kind of agent you need to run somewhere that queries data via SNMP?
|A. This is the GitHub place where this performance monitoring tool or health monitoring resides. Today it's in GitHub. In the future we'll maybe add it into easier installation. There are instructions there on how to install, but basically, answering the question you just asked, this is the cron job that is running and every X amount of time collects data. You can choose the frequency of that and it sends that information either to Grafana using InfluxDB or to New Relic or SIEM.

|Q. Will this work for DAM Gateways?
|A. This will work for DAM Gateways. In fact, the latest version of this will also support agent information in DAM. I'm not that expert on DAM as I'm more focused as a product manager on WAF so I don't have a demo here for DAM, but it will work on DAM as well.

|Q. Does this work only in version 14.1?
|A. It can work also in version 13.

|Q. Is there a plan to incorporate Grafana into MX?
|A. Currently there is no plan to incorporate that, but we have to look how we integrate it or how we make the installation easier. I don't yet know if it will be eventually in MX or outside MX. Today in MX, you do have a performance dashboard that shows information. It's a bit different. Here, you have more information. Currently there are no plans to incorporate it into the MX itself.

|Q. Are there any more features that are addressed in Advanced Bridge (like multi-VLAN tagging)?

|A. Double VLAN tagging is going to be supported in Advanced Bridge at the end of this year. If I remember correctly, it's going to be supported also on TRP as well. Double VLAN tagging.

|Q. Will there be any changes in impvha HA protocol?
|A. This hasn’t changed. It is our HA mechanism in bridge mode and Advanced Bridge will support it as well.

|Q. Can gateway monitor throughput of each application?
|A. Gateway can monitor throughput of an application. I'm not sure that it will be displayed in the version I've just shown you of the performance dashboard, but this is something that if it's not there we can add. Today, as far as I remember, it can monitor by the level of service group, but I think it can also monitor by the level of application. If it's not there, we can add it.