Prepare key information
It is recommended to prepare the information below, before you start deployment, as it will help you in the configuration process.
Identify where you are going to install CloudGuard AppSec and enforce security. The environment and deployment type will define which Enforcement Point is applicable to your project. You can read more about the different enforcement points in the Gateways & Agents section.
Options are to deploy as:
- A Gateway (Single VMWare or Auto Scaling Group) in AWS in a dedicated or in an existing VPC
- A Gateway (Single VMWare or ScaleSet) in Azure in a dedicated or in an existing VNet
- A Gateway in VMWare vSphere
- An Agent with an existing/new NGINX Kubernetes Ingress
- An Agent with an existing/new NGINX reverse proxy or web server
- An Agent on a Docker Container with a new NGINX reverse proxy container
Collect the following information about the web application(s) or API(s) you are going to protect. You will need this to configure the CloudGuard AppSec Assets.
- What is the internal URL or IP address and port of the web application(s), API(s) or internal load balancer in front of them? These are often URLs that will only be accessible from your reverse proxy/security Gateway and not directly exposed to the Internet.
- What is the external URL and port that you would like to expose to the users? For example - https://www.acme.com or https://acme.com/api.
- In case you use HTTPS you should have access to the SSL certificate and private key
- What is the best way to distinguish between users of the application or API? This is useful for the CloudGuard AppSec machine learning process:
- Specific header in the HTTP request
- Specific key in an HTTP cookie
- Specific key in HTTP JWT
- IP address in X-Forward-For header
- IP address of the request