diff --git a/app_gateway/apps.py b/app_gateway/apps.py index ea16f1f..6d90049 100644 --- a/app_gateway/apps.py +++ b/app_gateway/apps.py @@ -4,3 +4,8 @@ from django.apps import AppConfig class AppGatewayConfig(AppConfig): default_auto_field = 'django.db.models.BigAutoField' name = 'app_gateway' + + def ready(self): + from django.db.models.signals import post_migrate + from app_gateway.setup_defaults import create_default_entries + post_migrate.connect(create_default_entries, sender=self) diff --git a/app_gateway/caddy_config_export.py b/app_gateway/caddy_config_export.py index 543ac64..4cd1916 100644 --- a/app_gateway/caddy_config_export.py +++ b/app_gateway/caddy_config_export.py @@ -2,14 +2,12 @@ import json import os from app_gateway.models import ( - AccessPolicy, Application, ApplicationPolicy + AccessPolicy, Application, ApplicationPolicy, RESERVED_APP_NAME ) from gatekeeper.models import ( AuthMethod, GatekeeperGroup, GatekeeperIPAddress, GatekeeperUser ) -RESERVED_APP_NAME = 'wireguard_webadmin' - POLICY_TYPE_MAP = { 'public': 'bypass', 'protected': 'protected', diff --git a/app_gateway/models.py b/app_gateway/models.py index a654b7e..5184c88 100644 --- a/app_gateway/models.py +++ b/app_gateway/models.py @@ -5,6 +5,8 @@ from django.utils.translation import gettext_lazy as _ from gatekeeper.models import GatekeeperGroup, AuthMethod, _unique_slug +RESERVED_APP_NAME = 'wireguard_webadmin' + class Application(models.Model): name = models.SlugField(max_length=64, unique=True) @@ -17,7 +19,9 @@ class Application(models.Model): uuid = models.UUIDField(unique=True, default=uuid.uuid4, editable=False) def save(self, *args, **kwargs): - if self.display_name: + if self.display_name == RESERVED_APP_NAME: + self.name = RESERVED_APP_NAME + elif self.display_name: self.name = _unique_slug(Application, self.display_name, exclude_pk=self.pk) super().save(*args, **kwargs) 
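Review bot: In `Application.save()` (app_gateway/models.py) the reserved slug is assigned purely because `display_name` equals `RESERVED_APP_NAME`, which skips `_unique_slug` and its `exclude_pk` collision handling. If another row already holds that `name`, the `unique=True` constraint will surface as an `IntegrityError` from `super().save()` rather than a validation message. Nothing visible here stops the reserved row from being renamed either, after which the `elif` branch regenerates `name` and the reserved identity is lost. Because caddy_config_export.py imports the same constant, presumably to treat that application specially, I would enforce this in validation, for example a `clean()` that rejects the reserved display name when `Application.objects.filter(name=RESERVED_APP_NAME).exclude(pk=self.pk).exists()`. The forms are outside this diff and may already cover it, so that is worth confirming.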
diff --git a/app_gateway/setup_defaults.py b/app_gateway/setup_defaults.py new file mode 100644 index 0000000..59bb280 --- /dev/null +++ b/app_gateway/setup_defaults.py @@ -0,0 +1,33 @@ +import logging + +logger = logging.getLogger(__name__) + + +def create_default_entries(**kwargs): + from app_gateway.models import AccessPolicy, Application, ApplicationPolicy, RESERVED_APP_NAME + + # Default access policies + public_policy, created = AccessPolicy.objects.get_or_create( + policy_type='public', + defaults={'display_name': 'Public'}, + ) + if created: + logger.info("Created default AccessPolicy: Public") + + deny_policy, created = AccessPolicy.objects.get_or_create( + policy_type='deny', + defaults={'display_name': 'Deny'}, + ) + if created: + logger.info("Created default AccessPolicy: Deny") + + # Reserved wireguard_webadmin application + app, created = Application.objects.get_or_create( + display_name=RESERVED_APP_NAME, + defaults={'upstream': 'http://wireguard-webadmin:8000'}, + ) + if created: + logger.info("Created default Application: %s", RESERVED_APP_NAME) + if not ApplicationPolicy.objects.filter(application=app).exists(): + ApplicationPolicy.objects.create(application=app, default_policy=public_policy) + logger.info("Assigned default policy 'Public' to application '%s'", RESERVED_APP_NAME) diff --git a/app_gateway/views.py b/app_gateway/views.py index 3389140..7926f4e 100644 --- a/app_gateway/views.py +++ b/app_gateway/views.py @@ -17,6 +17,7 @@ from app_gateway.forms import ( from app_gateway.models import ( Application, ApplicationHost, AccessPolicy, ApplicationPolicy, ApplicationRoute ) +from app_gateway.setup_defaults import create_default_entries from user_manager.models import UserAcl 
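Review bot: In app_gateway/setup_defaults.py, all three `get_or_create` calls look up by fields the diff does not show to be unique (`policy_type` and `display_name`), so the call raises `MultipleObjectsReturned` once a second matching row exists, for instance after an operator adds another public policy. Because the function is also invoked from the two list views, that would break those pages and not only `migrate`. Consider selecting deterministically, e.g. `AccessPolicy.objects.filter(policy_type='public').order_by('pk').first()` with a create only when that returns `None`, and looking the application up by `name=RESERVED_APP_NAME`, which is the unique field. A comment should also record that the reserved application is bound to the 'Public' policy by default (mapped to `bypass` in caddy_config_export.py), so readers know the web admin then relies on its own authentication, if that is the intent.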
@@ -25,6 +26,7 @@ def view_app_gateway_list(request): if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=20).exists(): return render(request, 'access_denied.html', {'page_title': _('Access Denied')}) + create_default_entries() applications = Application.objects.all().order_by('name') hosts = ApplicationHost.objects.all().order_by('hostname') access_policies = AccessPolicy.objects.all().order_by('name') diff --git a/gatekeeper/views.py b/gatekeeper/views.py index 245224e..2e0fd9b 100644 --- a/gatekeeper/views.py +++ b/gatekeeper/views.py @@ -9,6 +9,7 @@ from django.shortcuts import render, get_object_or_404, redirect from django.urls import reverse from django.utils.translation import gettext as _ +from app_gateway.setup_defaults import create_default_entries from gatekeeper.forms import GatekeeperUserForm, GatekeeperGroupForm, AuthMethodForm, AuthMethodAllowedDomainForm, \ AuthMethodAllowedEmailForm, GatekeeperIPAddressForm from gatekeeper.models import GatekeeperUser, GatekeeperGroup, AuthMethod, AuthMethodAllowedDomain, \ @@ -22,6 +23,7 @@ def view_gatekeeper_list(request): if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=20).exists(): return render(request, 'access_denied.html', {'page_title': _('Access Denied')}) + create_default_entries() active_tab = request.GET.get('tab', 'auth_methods') auth_methods = AuthMethod.objects.all().order_by('name') users = GatekeeperUser.objects.all().prefetch_related('groups').order_by('username')
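Review bot: Calling `create_default_entries()` inside `view_app_gateway_list` (and likewise in `view_gatekeeper_list` in gatekeeper/views.py) performs database writes on every GET of these pages, even though the same function is already connected to `post_migrate` in apps.py. Concurrent requests can race between the lookup and the create, and an administrator who deliberately removes the reserved application's policy row will have it silently re-assigned to 'Public' the next time either list is opened. If the view-time call is wanted as a fallback, wrap the function body in `transaction.atomic()` and add a comment such as `# Re-creates missing defaults on each visit; see setup_defaults.create_default_entries`; otherwise rely on the `post_migrate` hook alone. The call sits after the `user_level__gte=20` check, so it is not reached by lower-privileged users. Both view bodies continue past the hunks.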