Azure

Overview

If you are deploying a CloudGuard WAF AppSec Gateway to protect an existing production website, we recommend you also read the HOW-TO guide for this particular deployment.

CloudGuard WAF can be deployed as either a single virtual machine or a Scale-Set in Azure. It acts as a reverse proxy where before / after you can deploy Azure Load Balancers:

Make sure you obtain the <token> from the Enforcement Profile page, Authentication section. You will need it in during agent deployment.

Installation

Follow these steps to deploy CloudGuard WAF in Azure using an ARM Template:

Step 1: Azure Log in

Step 2: Verify required permissions

Verify that you have the required permissions:

Azure permissions

Microsoft.Resources:

Purchase Resource

Validate Deployment

Microsoft.Insights:

Update autoscale setting

Microsoft.Compute:

Create or Update Virtual Machine Scale Set

Microsoft.KeyVault: Update Access Policy

Microsoft.Network:

Create or Update Public Ip Address

Create or Update Virtual Network

Create or Update Route Table

Create or Update Network Security Group

Create or Update Load Balancer

Microsoft.Storage:

Update Storage Account Create

If deploying VMSS with a new Azure Key Vault:

Microsoft.KeyVault:

Update Key Vault

Write Secret

Step 3: Deployment using ARM Template

Open the CloudGuard WAF's Azure page: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/checkpoint.checkpoint_waap?tab=Overview.
Click the blue "Get It Now" button to start the configuration wizard.

You have two options to store certificates:

pageStore Certificates in Azure pageStore Certificates on Gateway

PreviousStore certificates on CloudGuard WAF's AppSec Gateway NextStore Certificates in Azure

Last updated 2 months ago