Prepare key information
It is recommended to prepare the information below, before you start deployment, as it will help you in the configuration process.
Options are to deploy as:
- A Gateway (Single VMWare or Auto Scaling Group) in AWS in a dedicated or in an existing VPC
- A Gateway (Single VMWare or ScaleSet) in Azure in a dedicated or in an existing VNet
- A Gateway in VMWare vSphere
- A managed Reverse Proxy NGINX Docker Container with an agent (Alpha).
- An Agent on a Docker Container with a new NGINX reverse proxy/Kong API server container.
- An Agent with an existing/new NGINX Kubernetes Ingress.
- An Agent with an existing/new NGINX reverse proxy or Kong API server.
According to your environment's location (for latency concerns) and, if applicable, regulation concerns, select the data region from the supported options.
At this stage, CloudGuard AppSec supports : Europe, United States, India, Australia
Collect the following information about the web application(s) or API(s) you are going to protect. You will need this to configure the CloudGuard AppSec Assets.
- What is the internal URL or IP address and port of the web application(s), API(s) or internal load balancer in front of them? These are often URLs that will only be accessible from your reverse proxy/security Gateway and not directly exposed to the Internet.
- What is the external URL and port that you would like to expose to the users? For example - https://www.acme.com or https://acme.com/api.
- In case you use HTTPS you should have access to the SSL certificate and private key
- What is the best way to distinguish between users of the application or API? This is useful for the CloudGuard AppSec machine learning process:
- Specific header in the HTTP request
- Specific key in an HTTP cookie
- Specific key in HTTP JWT
- IP address in X-Forward-For header
- IP address of the request