# Check Point WAF ## CloudGuard WAF - [Documentation Overview](https://waf-doc.inext.checkpoint.com/documentation-overview.md) - [What is CloudGuard WAF?](https://waf-doc.inext.checkpoint.com/what-is-cloudguard-waf.md) - [Prepare key information](https://waf-doc.inext.checkpoint.com/getting-started/prepare-key-information.md) - [Log in to the Infinity Portal](https://waf-doc.inext.checkpoint.com/getting-started/log-in-to-the-infinity-portal.md) - [Protect a Web Application / API](https://waf-doc.inext.checkpoint.com/getting-started/protect-a-web-application-api.md) - [Protect a Web API](https://waf-doc.inext.checkpoint.com/getting-started/protect-a-web-api.md) - [Deploy Enforcement Point](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point.md) - [Gateway/Virtual Machine](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/gateway-virtual-machine.md) - [AWS](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/gateway-virtual-machine/aws.md) - [Store Certificates in AWS](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/gateway-virtual-machine/aws/store-certificates-in-aws.md) - [Store certificates on Gateway](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/gateway-virtual-machine/aws/store-certificates-on-gateway.md) - [Azure](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/gateway-virtual-machine/azure.md) - [Store Certificates in Azure](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/gateway-virtual-machine/azure/store-certificates-in-azure.md) - [Store Certificates on Gateway](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/gateway-virtual-machine/azure/store-certificates-on-gateway.md) - [VMware](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/gateway-virtual-machine/vmware.md) - [Store Certificates on Gateway](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/gateway-virtual-machine/vmware/store-certificates-on-gateway.md) - [Configure networking in VMware Deployments](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/gateway-virtual-machine/vmware/configure-networking-in-vmware-deployments.md) - [WAF-as-a-Service (WAF SaaS)](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/waf-as-a-service-waf-saas.md) - [Certificates Managed by Check Point](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/waf-as-a-service-waf-saas/certificates-managed-by-check-point.md) - [Bring Your Own Certificate (BYOC)](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/waf-as-a-service-waf-saas/bring-your-own-certificate-byoc.md) - [Integrating WAF SaaS with AWS CloudFront](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/waf-as-a-service-waf-saas/integrating-waf-saas-with-aws-cloudfront.md) - [Configure CDN Caching](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/waf-as-a-service-waf-saas/configure-cdn-caching.md) - [Kubernetes](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/kubernetes.md) - [Kong Application Security](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/kubernetes/kong-application-security.md) - [Kong Application Security Using Lua PlugIn](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/kubernetes/kong-application-security-using-lua-plugin.md) - [Istio Application Security](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/kubernetes/istio-application-security.md) - [NGINX Application Security](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/kubernetes/nginx-application-security.md) - [Envoy Application Security (Injector)](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/kubernetes/envoy-application-security-injector.md) - [Docker](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/docker.md) - [Single Docker](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/docker/single-docker.md) - [Deployment using 'docker' command](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/docker/single-docker/deployment-using-docker-command.md) - [Store Certificates Locally on Docker](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/docker/single-docker/deployment-using-docker-command/store-certificates-locally-on-docker.md) - [Deployment in Azure App Services](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/docker/single-docker/deployment-in-azure-app-services.md) - [Dual Docker: NGINX / Kong / Envoy + Security Agent](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/docker/dual-docker-nginx-kong-envoy-+-security-agent.md) - [Linux](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/linux.md) - [NGINX](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/linux/nginx.md) - [Kong Plug In](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/linux/kong-plug-in.md) - [Monitor Events](https://waf-doc.inext.checkpoint.com/getting-started/monitor-events.md) - [WAF Dashboard](https://waf-doc.inext.checkpoint.com/getting-started/monitor-events/waf-dashboard.md) - [API Discovery Dashboard](https://waf-doc.inext.checkpoint.com/getting-started/monitor-events/api-discovery-dashboard.md) - [DDoS Dashboard](https://waf-doc.inext.checkpoint.com/getting-started/monitor-events/ddos-dashboard.md) - [GenAI Dashboard](https://waf-doc.inext.checkpoint.com/getting-started/monitor-events/genai-dashboard.md) - [Event Views](https://waf-doc.inext.checkpoint.com/getting-started/monitor-events/event-views.md) - [Notifications](https://waf-doc.inext.checkpoint.com/getting-started/monitor-events/notifications.md) - [Email Reports](https://waf-doc.inext.checkpoint.com/getting-started/monitor-events/email-reports.md) - [HTTP Error](https://waf-doc.inext.checkpoint.com/getting-started/monitor-events/http-error.md) - [Event Advisor](https://waf-doc.inext.checkpoint.com/getting-started/monitor-events/event-advisor.md) - [WAF-as-a Service (WAF SaaS)](https://waf-doc.inext.checkpoint.com/concepts/waf-as-a-service-waf-saas.md) - [Gateways & Agents](https://waf-doc.inext.checkpoint.com/concepts/gateways-and-agents.md) - [Management & Automation](https://waf-doc.inext.checkpoint.com/concepts/management-and-automation.md) - [Security Practices](https://waf-doc.inext.checkpoint.com/concepts/security-practices.md) - [Contextual Machine Learning](https://waf-doc.inext.checkpoint.com/concepts/contextual-machine-learning.md) - [DDoS Protection](https://waf-doc.inext.checkpoint.com/concepts/ddos-protection.md) - [Anti-Bot Challenge Rules](https://waf-doc.inext.checkpoint.com/additional-security-engines/anti-bot-challenge-rules.md) - [Anti-Bot](https://waf-doc.inext.checkpoint.com/additional-security-engines/anti-bot.md) - [API Protection](https://waf-doc.inext.checkpoint.com/additional-security-engines/api-protection.md) - [API Discovery](https://waf-doc.inext.checkpoint.com/additional-security-engines/api-protection/api-discovery.md) - [Track API Discovery Learning](https://waf-doc.inext.checkpoint.com/additional-security-engines/api-protection/track-api-discovery-learning.md) - [Enforce API Schema](https://waf-doc.inext.checkpoint.com/additional-security-engines/api-protection/enforce-api-schema.md) - [Authentication Enforcement](https://waf-doc.inext.checkpoint.com/additional-security-engines/api-protection/authentication-enforcement.md) - [API Security Testing (Coming Soon)](https://waf-doc.inext.checkpoint.com/additional-security-engines/api-protection/api-security-testing-coming-soon.md) - [Client Side Protection](https://waf-doc.inext.checkpoint.com/additional-security-engines/client-side-protection.md) - [File Security](https://waf-doc.inext.checkpoint.com/additional-security-engines/file-security.md) - [GenAI Security](https://waf-doc.inext.checkpoint.com/additional-security-engines/genai-security.md) - [Intrusion Prevention System (IPS)](https://waf-doc.inext.checkpoint.com/additional-security-engines/intrusion-prevention-system-ips.md) - [Rate Limit](https://waf-doc.inext.checkpoint.com/additional-security-engines/rate-limit.md) - [Snort Rules](https://waf-doc.inext.checkpoint.com/additional-security-engines/snort-rules.md) - [Setup Custom Rules and Exceptions (old)](https://waf-doc.inext.checkpoint.com/setup-instructions/setup-custom-rules-and-exceptions-old.md) - [Setup Custom Rules and Exceptions](https://waf-doc.inext.checkpoint.com/setup-instructions/setup-custom-rules-and-exceptions.md) - [Setup Web User Response Pages](https://waf-doc.inext.checkpoint.com/setup-instructions/setup-web-user-response-pages.md) - [Setup Log Triggers](https://waf-doc.inext.checkpoint.com/setup-instructions/setup-log-triggers.md) - [Setup Report Triggers](https://waf-doc.inext.checkpoint.com/setup-instructions/setup-report-triggers.md) - [Setup Notification Triggers](https://waf-doc.inext.checkpoint.com/setup-instructions/setup-notification-triggers.md) - [Setup Behavior Upon Failure](https://waf-doc.inext.checkpoint.com/setup-instructions/setup-behavior-upon-failure.md) - [Setup Agent Upgrade Schedule](https://waf-doc.inext.checkpoint.com/setup-instructions/setup-agent-upgrade-schedule.md) - [Edit Web Application/API Settings](https://waf-doc.inext.checkpoint.com/how-to/edit-web-application-api-settings.md) - [Edit Reverse Proxy Advanced Settings for a Web Asset](https://waf-doc.inext.checkpoint.com/how-to/edit-reverse-proxy-advanced-settings-for-a-web-asset.md) - [Configure Load Balancing when Using Cloud Guard WAF as a Reverse Proxy](https://waf-doc.inext.checkpoint.com/how-to/configure-load-balancing-when-using-cloud-guard-waf-as-a-reverse-proxy.md) - [Protect an existing production site with CloudGuard WAF's Gateway](https://waf-doc.inext.checkpoint.com/how-to/protect-an-existing-production-site-with-cloudguard-wafs-gateway.md) - [View Policy of all your Web Applications/APIs](https://waf-doc.inext.checkpoint.com/how-to/view-policy-of-all-your-web-applications-apis.md) - [Add Data Loss Prevention (DLP) rules](https://waf-doc.inext.checkpoint.com/how-to/add-data-loss-prevention-dlp-rules.md) - [Configure Contextual Machine Learning for Best Accuracy](https://waf-doc.inext.checkpoint.com/how-to/configure-contextual-machine-learning-for-best-accuracy.md) - [Track Agent Status](https://waf-doc.inext.checkpoint.com/how-to/track-agent-status.md) - [Track Learning and Move from Learn/Detect to Prevent](https://waf-doc.inext.checkpoint.com/how-to/track-learning-and-move-from-learn-detect-to-prevent.md) - [Rotate profile authentication token](https://waf-doc.inext.checkpoint.com/how-to/rotate-profile-authentication-token.md) - [Upgrade your Reverse Proxy when a Linux/NGINX agent is installed](https://waf-doc.inext.checkpoint.com/how-to/upgrade-your-reverse-proxy-when-a-linux-nginx-agent-is-installed.md) - [Use Terraform to Manage CloudGuard WAF](https://waf-doc.inext.checkpoint.com/how-to/use-terraform-to-manage-cloudguard-waf.md) - [Authorize Temporary Access for Check Point Support](https://waf-doc.inext.checkpoint.com/how-to/authorize-temporary-access-for-check-point-support.md) - [Restrict Access to Backend Servers from CloudGuard WAF as a Service IPs Only](https://waf-doc.inext.checkpoint.com/how-to/restrict-access-to-backend-servers-from-cloudguard-waf-as-a-service-ips-only.md) - [Integrate CloudGuard WAF with Prometheus](https://waf-doc.inext.checkpoint.com/how-to/integrate-cloudguard-waf-with-prometheus.md) - [Enable Mutual TLS (mTLS) Authentication in Gateway / Virtual Machine and Single Docker](https://waf-doc.inext.checkpoint.com/how-to/enable-mutual-tls-mtls-authentication-in-gateway-virtual-machine-and-single-docker.md) - [Enable Post-Quantum Cryptography Support (Early Access)](https://waf-doc.inext.checkpoint.com/how-to/enable-post-quantum-cryptography-support-early-access.md) - [Move a Domain Between Tenants in WAF SasS](https://waf-doc.inext.checkpoint.com/how-to/move-a-domain-between-tenants-in-waf-sass.md) - [Configure Multi-Region Deployment in WAF SaaS](https://waf-doc.inext.checkpoint.com/how-to/configure-multi-region-deployment-in-waf-saas.md) - [Configure RBAC Roles](https://waf-doc.inext.checkpoint.com/how-to/configure-rbac-roles.md) - [WAF Gateway / Virtual Machine](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-gateway-virtual-machine.md): CloudGuard WAF can be deployed as an add-on for NGINX, thus providing protection to any applications and APIs served by NGINX Reverse Proxy. - [Azure](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-gateway-virtual-machine/azure.md): CloudGuard WAF can be deployed as either a single virtual machine or a Scale-Set in Azure. It acts as a reverse proxy where before / after you can deploy Azure Load Balancers. - ["Unable to find a tag containing the vault's name in the VMSS" Error](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-gateway-virtual-machine/azure/unable-to-find-a-tag-containing-the-vaults-name-in-the-vmss-error.md) - [How To: Configure Key Vault for a Single Gateway](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-gateway-virtual-machine/azure/how-to-configure-key-vault-for-a-single-gateway.md) - [NGINX Error: Upstream Sent Too Big Header While Reading Response Header from Upstream](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-gateway-virtual-machine/nginx-error-upstream-sent-too-big-header-while-reading-response-header-from-upstream.md) - [How To: Compare Between the Gateway's Certificate and the Upstream Certificate](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-gateway-virtual-machine/how-to-compare-between-the-gateways-certificate-and-the-upstream-certificate.md) - [Linux](https://waf-doc.inext.checkpoint.com/troubleshooting/linux.md): CloudGuard WAF can be deployed as an add-on for NGINX, thus providing protection to any applications and APIs served by NGINX Reverse Proxy. - [SELinux: Checking Status and Disabling](https://waf-doc.inext.checkpoint.com/troubleshooting/linux/selinux-checking-status-and-disabling.md) - [WAF as a Service](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-as-a-service.md): CloudGuard WAF SaaS provides all of CloudGuard WAF's security capabilities, with the ease of avoiding the need for a complex deployment. - [Certificate Validation Failed: Adjusting CAA Record](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-as-a-service/certificate-validation-failed-adjusting-caa-record.md) - [How To: Redirect a Root Domain to a Subdomain Protected by WAF SaaS](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-as-a-service/how-to-redirect-a-root-domain-to-a-subdomain-protected-by-waf-saas.md): Goal: Provide a static IP address to update root domain DNS settings to redirect to a subdomain protected by our Web Application Firewall, typically "www.". - [How To: Extend Connection Timeout to Upstream](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-as-a-service/how-to-extend-connection-timeout-to-upstream.md): Goal: Extend the default timeout configuration from the default 60 seconds for assets that need a longer timeout connection time. - [WAF SaaS Certificate Expiration](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-as-a-service/waf-saas-certificate-expiration.md) - [Agent CLI](https://waf-doc.inext.checkpoint.com/references/agent-cli.md) - [Management API](https://waf-doc.inext.checkpoint.com/references/management-api.md) - [Event Query Language](https://waf-doc.inext.checkpoint.com/references/event-query-language.md) - [Writing Snort Signatures](https://waf-doc.inext.checkpoint.com/references/writing-snort-signatures.md) - [Events/Logs Schema](https://waf-doc.inext.checkpoint.com/references/events-logs-schema.md) - [CVE-2022-3786 and CVE-2022-3602: OpenSSL X.509 Email Address Buffer Overflows (HIGH)](https://waf-doc.inext.checkpoint.com/references/cve-2022-3786-and-cve-2022-3602-openssl-x.509-email-address-buffer-overflows-high.md): Updated: Nov 1st, 2022 22:53 UTC - [CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974: Ingress NGINX Controller RCE (Critical)](https://waf-doc.inext.checkpoint.com/references/cve-2025-1097-cve-2025-1098-cve-2025-24514-cve-2025-1974-ingress-nginx-controller-rce-critical.md) - [GitHub](https://waf-doc.inext.checkpoint.com/resources/github.md) - [Docker Hub](https://waf-doc.inext.checkpoint.com/resources/docker-hub.md) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on a page URL with the `ask` query parameter: ``` GET https://waf-doc.inext.checkpoint.com/documentation-overview.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.