How To: Configure Key Vault for a Single Gateway

When using CloudGuard WAF Gateway in Azure, deploying a VMSS requires the certificates to be hosted in a Key Vault, while a Single Gateway does not. This guide explains the steps that need to be taken in order to configure using Azure Key Vault with a CloudGuard WAF Single Gateway deployment and / or attaching it to an existing VMSS deployment.

WHAT TO DO?

On the WAF VMSS / Virtual Machine:

  1. Click on Identity on the left menu

  2. Click on System Assigned tab → Turn On the Status bar.

  3. Click Save

On the Key Vault:

  1. Click on Access Policy

  2. Click on Create

  4. Click Next

  5. On Principal tab, search for the VMSS name and choose it

  6. Click Next twice

  7. Click Create

On the WAF VMSS / Virtual Machine:

  1. Click on Tags

  2. Add a new tag → Name: vault; Value: Key Vault name

  3. Click Apply

Previous"Unable to find a tag containing the vault's name in the VMSS" ErrorNextNGINX Error: Upstream Sent Too Big Header While Reading Response Header from Upstream

Last updated