Secure your Internet traffic and SaaS apps
Learning path
Provide your users and networks with a secure, performant, and flexible path to the Internet.
Modules: 11 Reading time: 85 min
Concepts
Learn the core concepts of using Cloudflare Zero Trust functionality to provide granular security policy for devices and networks accessing the Internet.
Contains 1 units
Get started with Zero Trust
Start securing your users and networks with Cloudflare Zero Trust.
Contains 4 units
- Prerequisites
1 min
- Create a Cloudflare account
1 min
- Create a Zero Trust organization
1 min
- Configure an identity provider
2 min
Configure the device agent
The following steps are identical to Configure the device agent in the Replace your VPN implementation guide. If you have already completed Replace your VPN, you can skip ahead to Determine when to use PAC files.
Contains 6 units
Connect user devices
After setting up your Cloudflare account and Zero Trust organization, you can begin connecting user devices to Cloudflare.
Contains 3 units
- Download and install WARP
2 min
- MDM deployment
2 min
- Verify device connectivity
1 min
Connect networks to Cloudflare
After connecting your devices to Cloudflare, you can route their traffic through your DNS, network, and HTTP policies. However, not every device can run a Zero Trust client. This module offers detail on connecting your networks to the Cloudflare …
Contains 1 units
- Choose an on-ramp
3 min
Understand and streamline policy creation
Before you begin building security policies, there are a few key details about Gateway to review.
Contains 3 units
Build DNS security policies
DNS security is an important, wide-reaching, and early action in the lifecycle of a request. Cloudflare operates one of the world’s largest and fastest public DNS resolvers. Your users’ public DNS requests will be resolved by that same resolution …
Contains 5 units
- Create your first DNS policy
1 min
- Create an allowlist or blocklist
1 min
- Recommended DNS policies
3 min
- Onboard DNS for a network
2 min
- Test a policy
2 min
Build network security policies
After creating policies for security based on DNS resolution, we can layer in additional security controls with the Gateway network firewall, which operates at Layer 4 of the OSI model. The Gateway network firewall allows you to build specific …
Contains 1 units
Build HTTP security policies
After securing your organization’s DNS queries and network level traffic, you can begin implementing advanced security controls for web traffic by inspecting HTTPS and taking actions based on the full URL or the body of HTTP requests.
Contains 5 units
Control traffic egress with source IP anchoring and allowlisting
Now that you have created firewall policies to secure your organization, you can begin creating egress policies to control what IP address your users egress to the Internet with.
Contains 3 units
Secure SaaS applications
Now that you have deployed dedicated egress IPs and created egress policies to anchor your source IPs, you can integrate Cloudflare with your SSO provider and secure your SaaS applications.