# Troubleshooting

- [WAF Gateway / Virtual Machine](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-gateway-virtual-machine.md): CloudGuard WAF can be deployed as an add-on for NGINX, thus providing protection to any applications and APIs served by NGINX Reverse Proxy.
- [Azure](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-gateway-virtual-machine/azure.md): CloudGuard WAF can be deployed as either a single virtual machine or a Scale-Set in Azure. It acts as a reverse proxy where before / after you can deploy Azure Load Balancers.
- ["Unable to find a tag containing the vault's name in the VMSS" Error](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-gateway-virtual-machine/azure/unable-to-find-a-tag-containing-the-vaults-name-in-the-vmss-error.md)
- [How To: Configure Key Vault for a Single Gateway](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-gateway-virtual-machine/azure/how-to-configure-key-vault-for-a-single-gateway.md)
- [NGINX Error: Upstream Sent Too Big Header While Reading Response Header from Upstream](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-gateway-virtual-machine/nginx-error-upstream-sent-too-big-header-while-reading-response-header-from-upstream.md)
- [How To: Compare Between the Gateway's Certificate and the Upstream Certificate](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-gateway-virtual-machine/how-to-compare-between-the-gateways-certificate-and-the-upstream-certificate.md)
- [Linux](https://waf-doc.inext.checkpoint.com/troubleshooting/linux.md): CloudGuard WAF can be deployed as an add-on for NGINX, thus providing protection to any applications and APIs served by NGINX Reverse Proxy.
- [SELinux: Checking Status and Disabling](https://waf-doc.inext.checkpoint.com/troubleshooting/linux/selinux-checking-status-and-disabling.md)
- [WAF as a Service](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-as-a-service.md): CloudGuard WAF SaaS provides all of CloudGuard WAF's security capabilities, with the ease of avoiding the need for a complex deployment.
- [Certificate Validation Failed: Adjusting CAA Record](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-as-a-service/certificate-validation-failed-adjusting-caa-record.md)
- [How To: Redirect a Root Domain to a Subdomain Protected by WAF SaaS](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-as-a-service/how-to-redirect-a-root-domain-to-a-subdomain-protected-by-waf-saas.md): Goal: Provide a static IP address to update root domain DNS settings to redirect to a subdomain protected by our Web Application Firewall, typically "www.".
- [How To: Extend Connection Timeout to Upstream](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-as-a-service/how-to-extend-connection-timeout-to-upstream.md): Goal: Extend the default timeout configuration from the default 60 seconds for assets that need a longer timeout connection time.
- [WAF SaaS Certificate Expiration](https://waf-doc.inext.checkpoint.com/troubleshooting/waf-as-a-service/waf-saas-certificate-expiration.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://waf-doc.inext.checkpoint.com/troubleshooting.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.