Private network applications (legacy)
You can configure a Private Network application to manage access to specific applications on your private network.
To create a private network application:
-
In Zero Trust ↗, go to Access > Applications > Add an application.
-
Select Private Network.
-
Name your application.
-
For Application type, select Destination IP.
-
For Value, enter the IP address for your application (for example,
10.128.0.7
). -
Configure your App Launcher visibility and logo.
-
Select Next. You will see two auto-generated Gateway Network policies: one that allows access to the destination IP and another that blocks access.
-
Modify the policies to include additional identity-based conditions. For example:
-
Policy 1
Selector Operator Value Logic Action Destination IP in 10.128.0.7
And Allow User Email matches regex .*@example.com
-
Policy 2
Selector Operator Value Action Destination IP in 10.128.0.7
Block
Policies are evaluated in numerical order, so a user with an email ending in @example.com will be able to access
10.128.0.7
while all others will be blocked. For more information on building network policies, refer to our dedicated documentation. -
-
Select Add application.
Your application will appear on the Applications page.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark