If you are deploying an AppSec Gateway to protect an existing production website, we recommend you also read the HOW-TO guide for this particular deployment.
CloudGuard AppSec can be deployed as either a single virtual machine or a Scale-Set in Azure. It acts as a reverse proxy where before / after you can deploy Azure Load Balancers:
Make sure you obtain the <token> from the Enforcement Profile page, Authentication section. You will need it in during agent deployment.


Follow these steps to deploy CloudGuard AppSec in Azure using an ARM Template:

Step 1: Azure Log in

Log in to to your Azure account.

Step 2: Verify required permissions

Verify that you have the required permissions:
Azure permissions
Purchase Resource
Validate Deployment
Update autoscale setting
Create or Update Virtual Machine Scale Set
Microsoft.KeyVault: Update Access Policy
Create or Update Public Ip Address
Create or Update Virtual Network
Create or Update Route Table
Create or Update Network Security Group
Create or Update Load Balancer
Update Storage Account Create
If deploying VMSS with a new Azure Key Vault:
Update Key Vault
Write Secret

Step 3: Deployment using ARM Template

You have two options to store certificates: