diff --git a/fe-test-common/overlay/etc/hiera/data/group.yaml b/fe-test-common/overlay/etc/hiera/data/group.yaml
index 434bd5c0..58656397 100644
--- a/fe-test-common/overlay/etc/hiera/data/group.yaml
+++ b/fe-test-common/overlay/etc/hiera/data/group.yaml
@@ -192,3 +192,23 @@ sunet_frontend:
 haproxy_imagetag: 'test'
 frontendtools_image: docker.sunet.se/eidas-frontend-tools
 frontendtools_imagetag: 'staging'
+
+ 'demwtest':
+ site_name: 'test.demw.eidas.swedenconnect.se'
+ frontends:
+ 'fe-fre-1.test.komreg.net':
+ ips: ['94.176.226.142', '2001:6b0:65:2::142']
+ 'fe-tug-1.test.komreg.net':
+ ips: ['94.176.226.143', '2001:6b0:65:2::143']
+ backends:
+ default:
+ 'demw-1.test.sveidas.se':
+ ips: ['89.45.236.166']
+ server_args: 'ssl check verify none'
+ allow_ports:
+ - 443
+ letsencrypt_server: 'acme-c.sunet.se'
+ haproxy_image: docker.sunet.se/eidas-haproxy
+ haproxy_imagetag: 'test'
+ frontendtools_image: docker.sunet.se/eidas-frontend-tools
+ frontendtools_imagetag: 'staging'
diff --git a/fe-test-common/overlay/opt/frontend/config/demwtest/haproxy.j2 b/fe-test-common/overlay/opt/frontend/config/demwtest/haproxy.j2
new file mode 100644
index 00000000..4e077c03
--- /dev/null
+++ b/fe-test-common/overlay/opt/frontend/config/demwtest/haproxy.j2
@@ -0,0 +1,21 @@
+{% extends 'common/haproxy_base.j2' %}
+
+{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
+
+{% block frontend %}
+frontend {{ site_name }}
+ {{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }}
+
+ timeout http-request 10s
+ timeout http-keep-alive 4s
+ option forwardfor
+ http-request set-header X-Forwarded-Proto https
+
+ {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff']) }}
+
+ {{ acme_challenge(letsencrypt_server) }}
+
+ use_backend {{ site_name }}__default
+
+{% endblock frontend %}
+
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 39d80a84..f3e2b9bc 100644
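Review bot: In the new `demwtest` entry of group.yaml, `server_args: 'ssl check verify none'` makes haproxy encrypt the connection to `demw-1.test.sveidas.se` without validating the server certificate, so the frontends have no way to tell the real middleware from another host answering on that address. If the backend certificate chains to a CA the frontends can hold, prefer `server_args: 'ssl check verify required ca-file <CA_BUNDLE_PATH>'` (placeholder path, to be replaced with the project's bundle). If `verify none` is the accepted convention for test instances, a one-line comment above the key saying so would keep the setting from being copied into a production entry. The `sunet_frontend` mapping starts outside this hunk, so whether sibling entries use the same arguments is not visible here.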
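Review bot: In demwtest/haproxy.j2, `option forwardfor` appends the client address to X-Forwarded-For but leaves any value the client itself sent in place, so a backend or log pipeline that reads the first entry records caller-chosen data. Unless `common/haproxy_base.j2` (not shown) already strips the header, add `http-request del-header X-Forwarded-For` next to the existing `http-request set-header X-Forwarded-Proto https` line. Separately, `csp` is imported from `common/haproxy_macros.j2` but never called in this block and the `web_security_options` list has no CSP entry, so either emit the policy or drop the unused import.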
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -848,6 +848,9 @@ demw-1.test.sveidas.se:
 storage_driver: 'overlay2'
 konsulter:
 autoupdate:
+ eidas_de_middleware_hsm:
+ version: 320-sc_hsm2
+ hostname: test.demw.eidas.swedenconnect.se
 saml_metadata:
 filename: /opt/eidas-middleware/configuration/serviceprovider-metadata/connector-metadata.xml
 url: https://test.connector.eidas.swedenconnect.se/idp/metadata/sp