diff --git a/fe-common/overlay/etc/hiera/data/group.yaml b/fe-common/overlay/etc/hiera/data/group.yaml
index afa281a7..3bab01ce 100644
--- a/fe-common/overlay/etc/hiera/data/group.yaml
+++ b/fe-common/overlay/etc/hiera/data/group.yaml
@@ -137,3 +137,20 @@ sunet_frontend:
 - 443
 letsencrypt_server: 'acme-c.sunet.se'
 haproxy_imagetag: 'stable'
+
+ 'demweidas':
+ site_name: 'demw.eidas.swedenconnect.se'
+ frontends:
+ 'fe-fre-3.komreg.net':
+ ips: ['94.176.226.14', '2001:6b0:65:1::14']
+ 'fe-tug-3.komreg.net':
+ ips: ['94.176.226.15', '2001:6b0:65:1::15']
+ backends:
+ default:
+ 'demw1.komreg.net':
+ ips: ['94.176.224.252']
+ server_args: 'ssl check verify none'
+ allow_ports:
+ - 443
+ letsencrypt_server: 'acme-c.sunet.se'
+ haproxy_imagetag: 'stable'
diff --git a/fe-common/overlay/opt/frontend/config/demweidas/haproxy.j2 b/fe-common/overlay/opt/frontend/config/demweidas/haproxy.j2
new file mode 100644
index 00000000..f3c3826a
--- /dev/null
+++ b/fe-common/overlay/opt/frontend/config/demweidas/haproxy.j2
@@ -0,0 +1,22 @@
+{% extends 'common/haproxy_base.j2' %}
+
+{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
+
+{% block frontend %}
+frontend {{ site_name }}
+ {{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }}
+
+ stats enable
+ timeout http-request 10s
+ timeout http-keep-alive 4s
+ option forwardfor
+ http-request set-header X-Forwarded-Proto https
+
+ {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff']) }}
+
+ {{ acme_challenge(letsencrypt_server) }}
+
+ use_backend {{ site_name }}__default
+
+{% endblock frontend %}
+
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 14660c69..c6bcb807 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
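Review bot: The new `demweidas` backend in group.yaml sets `server_args: 'ssl check verify none'`, so HAProxy encrypts the hop to `demw1.komreg.net` but accepts whatever certificate it is shown; the frontend cannot tell the real backend from anything else answering on 94.176.224.252:443. If the backend certificate chains to a CA the frontends can hold, prefer `server_args: 'ssl check verify required ca-file <CA_BUNDLE_PATH> verifyhost demw1.komreg.net'` (the CA path is a placeholder). If `verify none` is the accepted convention for the other sites in this mapping, which starts above the hunk and is not visible here, add a comment above the line recording why, e.g. `# backend cert is not verified: <reason>`.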
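Review bot: `stats enable` sits inside the internet-facing `frontend {{ site_name }}` block of haproxy.j2, and with no `stats auth`, `stats uri` or ACL next to it HAProxy serves its statistics page at the default URI without authentication to anyone who can reach port 443. Unless `common/haproxy_base.j2` (not visible in this diff) already restricts it, drop the line from this frontend, or serve stats from a separate listener bound to a management address. The import line also pulls in `csp` but the block never calls it; either remove it from the import or add the intended `{{ csp(...) }}` call alongside `web_security_options`.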
@@ -590,8 +590,7 @@ md-eu1.qa.komreg.net: - 'se-tug-lb-1.sunet.se' port: '443' -'^demw-[0-9]+\.sveidas\.se$': - sunet_iaas_cloud: +'^demw-[0-9]+\.komreg\.net$': eid::dockerhost: konsulter: autoupdate: @@ -605,8 +604,8 @@ md-eu1.qa.komreg.net: sites: 'demw.eidas.swedenconnect.se': frontends: - - 'se-fre-lb-1.sunet.se' - - 'se-tug-lb-1.sunet.se' + - 'fe-fre-3.komreg.net' + - 'fe-tug-3.komreg.net' port: '443' '^refidp-[0-9]+\.qa\.sveidas\.se$':
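Review bot: The new host pattern `'^demw-[0-9]+\.komreg\.net$'` requires a hyphen before the number, while the backend added to group.yaml in the same commit is named `demw1.komreg.net`. If the machine's hostname really is `demw1.komreg.net`, this rule will not match it and the host will receive none of the classes listed below (`eid::dockerhost` and the rest of the entry, which continues outside the hunk). Confirm which spelling is the actual FQDN and align the two, e.g. `'^demw-?[0-9]+\.komreg\.net$'` only if both forms are meant to exist. The same hunk drops the `sunet_iaas_cloud:` class; its contents are not shown here, so check that nothing it configured is still expected on the new host.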