Secure your Internet traffic and SaaS apps
Provide your users and networks with a secure, performant, and flexible path to the Internet.
Start path-
Concepts
Learn the core concepts of using Cloudflare Zero Trust functionality to provide granular security policy for devices and networks accessing the Internet.
Start moduleContains 1 units
-
Get started with Zero Trust
Start module -
Configure the device agent
The Cloudflare WARP client (known as the Cloudflare One Agent in mobile app stores) encrypts designated traffic from a user’s device to Cloudflare’s global network. In this learning path, we will first define all of your parameters and deployment rules, and then we will install and connect the client. If you prefer to start the client download now, refer to Download WARP.
Start module -
Connect user devices
After setting up your Cloudflare account and Zero Trust organization, you can begin connecting user devices to Cloudflare.
Start moduleContains 3 units
-
Connect networks to Cloudflare
After connecting your devices to Cloudflare, you can route their traffic through your DNS, network, and HTTP policies. However, not every device can run a Zero Trust client. This module offers detail on connecting your networks to the Cloudflare global network to apply your policies.
Start moduleContains 1 units
-
Understand and streamline policy creation
Start module -
Build DNS security policies
DNS security is an important, wide-reaching, and early action in the lifecycle of a request. Cloudflare operates one of the world’s largest and fastest public DNS resolvers. Your users’ public DNS requests will be resolved by that same resolution engine — whether they are connecting from a network pointing its resolvers to Cloudflare or an endpoint running the WARP client.
Start module -
Build network security policies
After creating policies for security based on DNS resolution, we can layer in additional security controls with the Gateway network firewall, which operates at Layer 4 of the OSI model. The Gateway network firewall allows you to build specific policies to block users or services’ ability to connect to endpoints at specific IPs or on specific ports. You can also use Protocol Detection ↗ to block proxying specific protocols.
Start moduleContains 1 units
-
Build HTTP security policies
After securing your organization’s DNS queries and network level traffic, you can begin implementing advanced security controls for web traffic by inspecting HTTPS and taking actions based on the full URL or the body of HTTP requests.
Start module -
Control traffic egress with source IP anchoring and allowlisting
Now that you have created firewall policies to secure your organization, you can begin creating egress policies to control what IP address your users egress to the Internet with.
Start module -
Secure SaaS applications
Start module