diff --git a/example-config.toml b/example-config.toml
index 64733d8d..b10dc18f 100644
--- a/example-config.toml
+++ b/example-config.toml
@@ -1,15 +1,8 @@
 # This is an example config file for defguard VPN gateway
 # To use it fill in actual values for your deployment below
 
-# Required: defguard server gRPC endpoint URL
-# NOTE: must replace default with actual value
-grpc_url = "<defguard_grpc_url>"
-# Optional: gateway name which will be displayed in defguard web UI
-name = "Gateway A"
 # Required: use userspace WireGuard implementation (e.g. wireguard-go)
 userspace = false
-# Optional: path to TLS cert file
-# grpc_ca = cert.pem
 # Required: how often should interface stat updates be sent to defguard server (in seconds)
 stats_period = 60
 # Required: name of WireGuard interface
diff --git a/src/config.rs b/src/config.rs
index 9f5020b5..a81722c5 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -15,6 +15,22 @@ fn default_log_level() -> String {
     String::from("info")
 }
 
+fn default_grpc_port() -> u16 {
+    50066
+}
+
+fn default_stats_period() -> u64 {
+    30
+}
+
+fn default_ifname() -> String {
+    String::from("wg0")
+}
+
+fn default_syslog_facility() -> String {
+    String::from("LOG_USER")
+}
+
 fn default_adoption_timeout() -> u64 {
     10
 }
@@ -23,6 +39,10 @@ fn default_syslog_socket() -> PathBuf {
     PathBuf::from("/var/run/log")
 }
 
+fn default_cert_dir() -> PathBuf {
+    PathBuf::from("/etc/defguard/certs")
+}
+
 #[derive(Debug, Parser, Clone, Deserialize)]
 #[clap(about = "Defguard VPN gateway service")]
 #[command(version = VERSION)]
@@ -33,18 +53,22 @@ pub struct Config {
 
     /// Gateway gRPC server port.
     #[arg(long, env = "DEFGUARD_GRPC_PORT", default_value = "50066")]
+    #[serde(default = "default_grpc_port")]
     pub(crate) grpc_port: u16,
 
     /// Use userspace WireGuard implementation e.g. wireguard-go
     #[arg(long, short = 'u', env = "DEFGUARD_USERSPACE")]
+    #[serde(default)]
     pub userspace: bool,
 
     /// Defines how often (in seconds) interface statistics are sent to Defguard Core.
     #[arg(long, short = 'p', env = "DEFGUARD_STATS_PERIOD", default_value = "30")]
+    #[serde(default = "default_stats_period")]
     pub stats_period: u64,
 
     /// Network interface name (e.g. wg0)
     #[arg(long, short = 'i', env = "DEFGUARD_IFNAME", default_value = "wg0")]
+    #[serde(default = "default_ifname")]
     pub ifname: String,
 
     /// Write process ID (PID) to this file
@@ -53,10 +77,12 @@ pub struct Config {
 
     /// Log to syslog
     #[arg(long, short = 's')]
+    #[serde(default)]
     pub use_syslog: bool,
 
     /// Syslog facility
     #[arg(long, default_value = "LOG_USER")]
+    #[serde(default = "default_syslog_facility")]
     pub syslog_facility: String,
 
     /// Syslog socket path
@@ -113,6 +139,7 @@ pub struct Config {
         env = "DEFGUARD_GATEWAY_CERT_DIR",
         default_value = "/etc/defguard/certs"
     )]
+    #[serde(default = "default_cert_dir")]
     pub cert_dir: PathBuf,
 
     /// Time limit in minutes for the auto-adoption process.