Prepare key information

It is recommended to prepare the information below, before you start deployment, as it will help you in the configuration process.

Target Environment and Deployment Type

Identify where you are going to install CloudGuard AppSec and enforce security. The environment and deployment type will define which Enforcement Point is applicable to your project. You can read more about the different enforcement points in the Gateways & Agents section.
Options are to deploy as:
  • A Gateway (Single VMWare or Auto Scaling Group) in AWS in a dedicated or in an existing VPC
  • A Gateway (Single VMWare or ScaleSet) in Azure in a dedicated or in an existing VNet
  • A Gateway in VMWare vSphere
  • A managed Reverse Proxy NGINX Docker Container with an agent (Alpha).
  • An Agent on a Docker Container with a new NGINX reverse proxy/Kong API server container.
  • An Agent with an existing/new NGINX Kubernetes Ingress.
  • An Agent with an existing/new NGINX reverse proxy or Kong API server.

Data region

According to your environment's location (for latency concerns) and, if applicable, regulation concerns, select the data region from the supported options.
At this stage, CloudGuard AppSec supports : Europe, United States, India, Australia

Application or API Configuration Details

Collect the following information about the web application(s) or API(s) you are going to protect. You will need this to configure the CloudGuard AppSec Assets.
  • What is the internal URL or IP address and port of the web application(s), API(s) or internal load balancer in front of them? These are often URLs that will only be accessible from your reverse proxy/security Gateway and not directly exposed to the Internet.
  • What is the external URL and port that you would like to expose to the users? For example - or
  • In case you use HTTPS you should have access to the SSL certificate and private key
  • What is the best way to distinguish between users of the application or API? This is useful for the CloudGuard AppSec machine learning process:
    • Specific header in the HTTP request
    • Specific key in an HTTP cookie
    • Specific key in HTTP JWT
    • IP address in X-Forward-For header
    • IP address of the request