# Azure

## Overview

{% hint style="info" %}
If you are deploying a CloudGuard WAF Gateway to protect an existing production website, we recommend you also read the [HOW-TO guide for this particular deployment](/how-to/protect-an-existing-production-site-with-cloudguard-wafs-gateway.md).
{% endhint %}

CloudGuard WAF can be deployed as either a single virtual machine or a Scale-Set in Azure. It acts as a reverse proxy where before / after you can deploy Azure Load Balancers:

<div data-full-width="true"><figure><img src="/files/fb3g2b1pSqnjGV81XLU5" alt=""><figcaption></figcaption></figure></div>

{% hint style="info" %}
Make sure you obtain the \<token> from the [Enforcement **Profile**](/getting-started/deploy-enforcement-point.md) page, **Authentication** section. You will need it in during agent deployment.

![](/files/tAyti9aG3utyFHls2McN)
{% endhint %}

## Installation

Follow these steps to deploy CloudGuard WAF in Azure using an ARM Template:

#### Step 1:  Azure Log in

Log in to to your Azure account.

#### Step 2: Verify required permissions

Verify that you have the required permissions:

<details>

<summary>Azure permissions</summary>

Microsoft.Resources:

Purchase Resource

Validate Deployment

Microsoft.Insights:

Update autoscale setting

Microsoft.Compute:

Create or Update Virtual Machine Scale Set

Microsoft.KeyVault: Update Access Policy

Microsoft.Network:&#x20;

Create or Update Public Ip Address

Create or Update Virtual Network

Create or Update Route Table

Create or Update Network Security Group

Create or Update Load Balancer

Microsoft.Storage:

Update Storage Account Create

If deploying VMSS with a new Azure Key Vault:&#x20;

Microsoft.KeyVault:

Update Key Vault

Write Secret

</details>

#### Step 3: **Deployment using ARM Template**

* Open the CloudGuard WAF's Azure page: <https://azuremarketplace.microsoft.com/en-us/marketplace/apps/checkpoint.checkpoint_waap?tab=Overview>.
* Click the blue "Get It Now" button to start the configuration wizard.

#### &#x20;  You have two options to store certificates:

{% content-ref url="/pages/ibANNodjYVMlrG3tt6Xs" %}
[Store Certificates in Azure](/getting-started/deploy-enforcement-point/gateway-virtual-machine/azure/store-certificates-in-azure.md)
{% endcontent-ref %}

{% content-ref url="/pages/AwmS4FcuC3df9g66jPnV" %}
[Store Certificates on Gateway](/getting-started/deploy-enforcement-point/gateway-virtual-machine/vmware/store-certificates-on-gateway.md)
{% endcontent-ref %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/gateway-virtual-machine/azure.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.