Secure your Internet traffic and SaaS apps
Learning path
Provide your users and networks with a secure, performant, and flexible path to the Internet.
Modules: 11 Reading time: 85 min
Concepts
Learn the core concepts of using Cloudflare Zero Trust functionality to provide granular security policy for devices and networks accessing the Internet.
Get started with Zero Trust
Start securing your users and networks with Cloudflare Zero Trust.
Configure the device agent
The following steps are identical to Configure the device agent in the Replace your VPN implementation guide. If you have already completed Replace your VPN, you can skip ahead to Determine when to use PAC files.
Connect user devices
After setting up your Cloudflare account and Zero Trust organization, you can begin connecting user devices to Cloudflare.
Connect networks to Cloudflare
After connecting your devices to Cloudflare, you can route their traffic through your DNS, network, and HTTP policies. However, not every device can run a Zero Trust client. This module offers detail on connecting your networks to the Cloudflare …
Understand and streamline policy creation
Before you begin building security policies, there are a few key details about Gateway to review.
Build DNS security policies
DNS security is an important, wide-reaching, and early action in the lifecycle of a request. Cloudflare operates one of the world’s largest and fastest public DNS resolvers. Your users’ public DNS requests will be resolved by that same resolution …
Build network security policies
After creating policies for security based on DNS resolution, we can layer in additional security controls with the Gateway network firewall, which operates at Layer 4 of the OSI model. The Gateway network firewall allows you to build specific …
Build HTTP security policies
After securing your organization’s DNS queries and network level traffic, you can begin implementing advanced security controls for web traffic by inspecting HTTPS and taking actions based on the full URL or the body of HTTP requests.
Control traffic egress with source IP anchoring and allowlisting
Now that you have created firewall policies to secure your organization, you can begin creating egress policies to control what IP address your users egress to the Internet with.
Secure SaaS applications
Now that you have deployed dedicated egress IPs and created egress policies to anchor your source IPs, you can integrate Cloudflare with your SSO provider and secure your SaaS applications.