How To: Configure Key Vault for a Single Gateway

When using CloudGuard WAF Gateway in Azure, a VMSS deployment requires the certificates to be hosted in a Key Vault, while a Single Gateway does not. This guide explains how to configure Azure Key Vault for a CloudGuard WAF Single Gateway deployment and/or attach it to an existing VMSS deployment.

WHAT TO DO?

On the WAF VMSS / Virtual Machine:

  1. Click on Identity on the left menu

  2. Click on the System Assigned tab → set Status to On.

  3. Click Save

On the Key Vault:

  1. Click on Access Policy

  2. Click on Create

  3. Choose permissions: Secret permissions → Get, List; Certificate permissions → Get, List

  4. Click Next

  5. On Principal tab, search for the VMSS name and choose it

  6. Click Next twice

  7. Click Create

On the WAF VMSS / Virtual Machine:

  1. Click on Tags

  2. Add a new tag → Name: vault; Value: the name of the Key Vault

  3. Click Apply
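
The same three stages can be scripted with the Azure CLI. The script below is an added example, not part of the original guide or vendor code; the resource group, gateway and vault names are constructed placeholders, and it assumes the vault uses the access policy permission model (as the portal steps above do), since `az keyvault set-policy` does not apply to a vault configured for Azure RBAC.

```shell
#!/bin/sh
# Added example (not vendor code): the portal steps above as Azure CLI calls.
# Assumes the vault uses the access policy permission model.

# configure_vault_access KIND RESOURCE_GROUP NAME VAULT
#   KIND is "vm" (Single Gateway) or "vmss".
configure_vault_access() {
  case "$1" in
    vm|vmss) kind=$1 ;;
    *) echo "KIND must be vm or vmss" >&2; return 2 ;;
  esac
  rg=$2; name=$3; vault=$4

  # Identity -> System Assigned -> Status On
  az "$kind" identity assign --resource-group "$rg" --name "$name" \
    --output none || return 1

  # The access policy is bound to the identity's object (principal) ID.
  principal=$(az "$kind" show --resource-group "$rg" --name "$name" \
    --query identity.principalId --output tsv) || return 1
  if [ -z "$principal" ]; then
    echo "no system-assigned identity on $name" >&2
    return 1
  fi

  # Access policy: only Get and List on secrets and certificates.
  az keyvault set-policy --name "$vault" --object-id "$principal" \
    --secret-permissions get list \
    --certificate-permissions get list --output none || return 1

  # Tag the gateway with the vault name (tag name: vault).
  az "$kind" update --resource-group "$rg" --name "$name" \
    --set "tags.vault=$vault" --output none || return 1

  # Print the principal ID so the policy entry can be audited later.
  printf '%s\n' "$principal"
}

# Run only when called with all four arguments, e.g.:
#   sh kv-setup.sh vm rg-waf waf-gw kv-waf   (constructed names)
if [ "$#" -eq 4 ]; then
  configure_vault_access "$@"
fi
```

The printed principal ID is the value to look for under the vault's access policies when reviewing that the gateway identity holds only Get and List.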
