- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- CloudGuard - WAF
- :
- Cloudguard appsec and azure app service
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Cloudguard appsec and azure app service
Hi,
Can cloudguard appsec protect PaaS service like azure app service ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, it can't as the certificate and private key can't be exported from Azure Paas.
So if AppSec doesn't have the private key, it can't intercept the traffic, also it can only protect web services.
If you are using PaaS DB or Storage service, AppSec is not the relevant product.
The same for CloudGuard Network Security. you can protect your PaaS service up to the transport layer (4), the GW won't be able to catch many of the IPS signatures for example.
In order to use CloudGuard Network security with PaaS, you will need to use a private endpoint and UDR.
We will have an SK that explains exactly how to do that in a few days.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your response. Follow-up question since you brought up certs. For every application we want protected by appsec we would need to upload the cert to appsec correct? Also, when it comes to renewing the certs we would have to upload it again. Is there a more efficient way to handle certificate management if we had 100s of web apps to protect?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, the certificates are being managed on the cloud provider, it's explained in the admin guide.
You just need to associate the AppSec instances with a role that provides access to the certificate on the certificate manager and the private key on the secret manager.