# Kong Plug In ## Prerequisites * An existing deployment of Kong for Linux. ## Installation For deployment instructions follow steps in the Profile #### Step 1 - Enforce Policy if not done already. #### Step 2 - Run these commands from a Linux server shell: 1. Install the dependencies ``` sudo apt-get update sudo apt-get install -y libbrotli1 libbrotli-dev zlib1g-dev build-essential git curl ca-certificates ``` 2. Run the command to install the Lua Plug In ``` luarocks install --server=https://luarocks.org/manifests/cluadguard-waf cloudguard-waf-kong-plugin export KONG_PLUGINS="bundled,cloudguard-waf-kong-plugin" kong restart curl -i -X POST http://localhost:8001/plugins --data "name=cloudguard-waf-kong-plugin" ``` {% hint style="info" %} If `kong restart` fails with:\ `undefined symbol: BrotliDecoderSetParameter` Ensure Brotli runtime libraries are installed and accessible: ``` sudo apt-get install -y libbrotli1 ldconfig -p | grep libbrotli ``` If the error persists, preload the detected Brotli libraries before restarting Kong. ``` export LD_PRELOAD="$(ldconfig -p | awk '/libbrotlidec.so.1/{print $4}')":"$(ldconfig -p | awk '/libbrotlicommon.so.1/{print $4}')" kong restart ``` {% endhint %} #### 3: Install the Agent Run the following commands from the linux server shell, from the same location as previous step: `chmod +x nanoegg` `./nanoegg --install --token ` {% hint style="info" %} Make sure you obtain the \ from the [Enforcement **Profile**](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point) page, **Authentication** section. you will need it during agent deployment. ![](https://2760087783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEWA4nfgNrSRL8dA6Kap7%2Fuploads%2FodEuUgaIWcxkuTtYrJ2n%2Fappsec-profiles-authentication-token.PNG?alt=media\&token=aaa5d4ad-7a5b-4986-9378-7ec39b22aadd) {% endhint %} The installer creates an initial registration with the CloudGuard WAF cloud and downloads the latest version of the agent installation. #### Step 4: Verify installation The agent will automatically install, connect and should display a successful connection message within the CloudGuard WAF web portal: ![](https://2760087783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEWA4nfgNrSRL8dA6Kap7%2Fuploads%2FzrhFNuIBv6uIUGnQsqIw%2Fappsec-agents-agent-connected-banner-notification.PNG?alt=media\&token=47ad548e-bf80-4619-9ebf-c93fb736257f) To check agent status after the installation from the Linux server shell, you can run: `cpnano -s`