Imperva Cyber Community

Hi everyone,

According to our design, our two gateway devices operate independently and do not run HA (High Availability) between the two devices (expect work as TRP mode and fail-open operation). We see that device WAF-02 is operating as expected, but device 01 is not fail-open as a configuration with error log as below (note that two gateways is not running in HA) and same configuration at the same device group.

 I see some differences in the configuration within the folder GTI: info/gwstatus.xml files across two devices. Despite configuring a Gateway group on MX  and adding both devices to it, these differences persist. I'm unsure of the cause.

how could i configure WAF-01 to match WAF-02's configuration, specifically setting fail-open to true, is-ha to false, and ensuring that all bridges are set to is-ha-active=true?

Hi Dinh,

Could you try to toggle bridge ha configuration by navigating to impcfg>Gateway>Interfaces path as seen on the screenshot below on GW1 in order to to make the same configuration as GW2? Then please share the results here.

Hi everyone,

According to our design, our two gateway devices operate independently and do not run HA (High Availability) between the two devices (expect work as TRP mode and fail-open operation). We see that device WAF-02 is operating as expected, but device 01 is not fail-open as a configuration with error log as below (note that two gateways is not running in HA) and same configuration at the same device group.

 I see some differences in the configuration within the folder GTI: info/gwstatus.xml files across two devices. Despite configuring a Gateway group on MX  and adding both devices to it, these differences persist. I'm unsure of the cause.

how could i configure WAF-01 to match WAF-02's configuration, specifically setting fail-open to true, is-ha to false, and ensuring that all bridges are set to is-ha-active=true?

Thanks  Cezmi for your helpful information. I followed your guideline and this is the result – it's done and the configuration on WAF-01 has been changed to match WAF-02. 

Hi Dinh,

Could you try to toggle bridge ha configuration by navigating to impcfg>Gateway>Interfaces path as seen on the screenshot below on GW1 in order to to make the same configuration as GW2? Then please share the results here.

Hi everyone,

According to our design, our two gateway devices operate independently and do not run HA (High Availability) between the two devices (expect work as TRP mode and fail-open operation). We see that device WAF-02 is operating as expected, but device 01 is not fail-open as a configuration with error log as below (note that two gateways is not running in HA) and same configuration at the same device group.

 I see some differences in the configuration within the folder GTI: info/gwstatus.xml files across two devices. Despite configuring a Gateway group on MX  and adding both devices to it, these differences persist. I'm unsure of the cause.

how could i configure WAF-01 to match WAF-02's configuration, specifically setting fail-open to true, is-ha to false, and ensuring that all bridges are set to is-ha-active=true?

Hi everyone,

According to our design, our two gateway devices operate independently and do not run HA (High Availability) between the two devices (expect work as TRP mode and fail-open operation). We see that device WAF-02 is operating as expected, but device 01 is not fail-open as a configuration with error log as below (note that two gateways is not running in HA) and same configuration at the same device group.

 I see some differences in the configuration within the folder GTI: info/gwstatus.xml files across two devices. Despite configuring a Gateway group on MX  and adding both devices to it, these differences persist. I'm unsure of the cause.

how could i configure WAF-01 to match WAF-02's configuration, specifically setting fail-open to true, is-ha to false, and ensuring that all bridges are set to is-ha-active=true?