# "Unable to find a tag containing the vault's name in the VMSS" Error

When using CloudGuard WAF Gateway in Azure, deploying a VMSS required the certificates to be hosted in a Key Vault. This guide explains the steps needs to be taken when a critical error on monitoring stating: "Unable to find a tag containing the vault's name in the VMSS".

**WHAT TO DO?**

1. Navigate to [portal.azure.com](http://portal.azure.com/)
2. Click on **Subscriptions** → Choose the relevant Subscription in which the CloudGuard WAF VMSS deployment is using.
3. Choose the relevant CloudGuard WAF VMSS (Virtual Machine Scale Set) and **click** on it.
4. Click on **Tags** on the right-side menu\
   ![](/files/xitVohvmPcadEb7esWhF)
5. Create a new tag → Name: vault, Value: key vault name (can be found on Azure Key Vault)

   <figure><img src="/files/umobAJVL6YpncTbg5JT0" alt=""><figcaption></figcaption></figure>
6. Click **Apply**
7. Go back to Infinity Portal → **Enforce Policy and Publish**.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://waf-doc.inext.checkpoint.com/troubleshooting/waf-gateway-virtual-machine/azure/unable-to-find-a-tag-containing-the-vaults-name-in-the-vmss-error.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.