Migrate from Zone Lockdown
Some teams use Cloudflare's Zone Lockdown feature alongside their Virtual Private Network deployment to only allow IP ranges in that VPN to connect to applications. This model relies on IP ranges, rather than identity, to control who can reach sensitive applications.
Cloudflare Access can replace Zone Lockdown deployments with a zero-trust model built on your team's SSO. The migration takes less than 10 minutes. After the cutover, end users can stop using their VPN client, and administrators gain more granular control over, and logging of, user connections.
Zone Lockdown specifies a list of one or more IP addresses, CIDR ranges, or networks that are the only IPs allowed to access a domain, subdomain, or URL. A single Zone Lockdown rule can cover multiple destinations and can mix IPv4 and IPv6 addresses. IP addresses not specified in the Zone Lockdown rule are denied access to the specified resources.
Migration to Cloudflare Access
- Navigate to the . Enable Cloudflare Access for your account.
- your organization's identity provider.
Applications to begin building an identity-based policy.
- Choose the hostname protected by Zone Lockdown today. to only allow connections from users in your organization. Test the connection from an IP allowed by your Zone Lockdown policy.
- Return to the Firewall tab of the Cloudflare dashboard and remove the Zone Lockdown policies.
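Before removing the Zone Lockdown policies, it helps to inventory which hostnames they cover and which networks they allow, so that every hostname gets an Access application and the test connection comes from an allowed IP. The following is an added example, not Cloudflare's code: the sample rules are constructed, assumed to have the shape of Zone Lockdown API rule objects (`urls`, `configurations`, `paused`), and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample rules (assumed export format; documentation address ranges).
SAMPLE_RULES = [
    {"id": "rule-a", "paused": False,
     "urls": ["admin.example.com/*", "example.com/wp-admin*"],
     "configurations": [{"target": "ip_range", "value": "198.51.100.0/24"},
                        {"target": "ip", "value": "2001:db8::10"}]},
    {"id": "rule-b", "paused": True,
     "urls": ["admin.example.com/reports*"],
     "configurations": [{"target": "ip", "value": "203.0.113.7"}]},
]

def split_url(pattern):
    """Split a lockdown URL pattern into (hostname, path pattern)."""
    pattern = pattern.split("://", 1)[-1]      # tolerate an optional scheme
    host, _, path = pattern.partition("/")
    return host.lower(), "/" + path

def inventory(rules):
    """Map each locked-down hostname to its paths, allowed networks and rule ids."""
    plan = defaultdict(lambda: {"paths": set(), "networks": set(), "rules": set()})
    for rule in rules:
        if rule.get("paused"):
            continue                           # paused rules enforce nothing today
        nets = {ipaddress.ip_network(c["value"], strict=False)
                for c in rule["configurations"]}
        for url in rule["urls"]:
            host, path = split_url(url)
            plan[host]["paths"].add(path)
            plan[host]["networks"] |= nets
            plan[host]["rules"].add(rule["id"])
    return dict(plan)

def can_test_from(plan, host, source_ip):
    """True if source_ip is inside a network the lockdown rules allow for host."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in plan[host]["networks"])

if __name__ == "__main__":
    for host, entry in sorted(inventory(SAMPLE_RULES).items()):
        nets = ", ".join(sorted(str(n) for n in entry["networks"]))
        print(f"{host}: paths={sorted(entry['paths'])} allowed={nets} "
              f"rules={sorted(entry['rules'])}")
```

Each hostname in the output needs an Access application in place before the rule ids listed beside it are removed.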