Skip to content

Cloudflare Docs

Docs Directory APIs SDKs

Select theme

Cloudflare Zero Trust

Overview
Get started
Implementation guides
Identity
- Overview
- One-time PIN login
- Device posture
  - Overview
  - WARP client checks
    
    Overview
    Application check
    Carbon Black
    Client certificate
    Device serial numbers
    Device UUID
    Disk encryption
    Domain joined
    File check
    Firewall
    OS version
    Require Gateway
    Require WARP
    SentinelOne
  - Service providers
    
    Overview
    Custom integration
    CrowdStrike
    Kolide
    Microsoft Endpoint Manager
    SentinelOne
    Tanium
    Uptycs
    Workspace ONE
  - Access integrations
    
    Overview
    Mutual TLS
    Tanium
- User management
- Service tokens
- Authorization cookie
- SSO integration
Connections
- Overview
- Cloudflare Tunnel
  - Overview
  - Get started
    
    Overview
    Create a tunnel (dashboard)
    Create a tunnel (API)
    Useful terms
  - Downloads
    
    Overview
    Update cloudflared
    License
    Copyrights
  - Configure a tunnel
    
    Configure cloudflared parameters
    
    Overview
    Tunnel run parameters
    Origin configuration parameters
    
    Tunnel with firewall
    
    Tunnel availability and failover
    
    Overview
    System requirements
    
    Tunnel permissions
  - Use cases
    
    Overview
    
    SSH
    
    Overview
    SSH with Access for Infrastructure
    Self-managed SSH keys
    Browser-rendered SSH terminal
    SSH with client-side cloudflared (legacy)
    
    RDP
    
    Overview
    Browser-based RDP Beta
    RDP with WARP client
    RDP with client-side cloudflared
    
    SMB
    gRPC
  - Environments
    
    Overview
    Ansible
    AWS
    Azure
    GCP
    Kubernetes
    Terraform
  - Private networks
    
    Overview
    
    Connect private networks
    
    Overview
    Private DNS
    Virtual networks
    Load balancing
    
    Peer-to-peer connectivity
    
    WARP Connector
    
    Overview Beta
    Site-to-Internet
    Site-to-site
    User-to-site
    VPC deployments
  - Public hostnames
    
    Overview
    DNS records
    Load balancing
  - Monitor tunnels
    
    Overview
    Log streams
    Notifications
    Metrics
  - Troubleshoot tunnels
    
    Overview
    Diagnostic logs
    Private network connectivity
    Common errors
  - Do more with Tunnel
    
    Overview
    
    Locally-managed tunnels
    
    Overview
    Create a locally-managed tunnel
    Configuration file
    
    Run as a service
    
    Overview
    Linux
    macOS
    Windows
    
    Useful commands
    Tunnel permissions
    Useful terms
    
    Migrate legacy tunnels
    Quick Tunnels
- Connect devices
  - Overview
  - WARP
    
    Overview
    
    Download WARP
    
    Stable releases
    Beta releases
    Update WARP
    Migrate 1.1.1.1 app
    
    First-time setup
    
    Deploy WARP
    
    Overview
    
    Managed deployment
    
    Overview
    
    Partners
    
    Overview
    Fleet
    Hexnode
    Intune
    Jamf
    JumpCloud
    Kandji
    
    Parameters
    Connect WARP before Windows login
    Multiple users on a Windows device
    Switch between Zero Trust organizations
    
    Manual deployment
    Device enrollment permissions
    WARP with firewall
    WARP with legacy VPN
    
    Configure WARP
    
    Overview
    Device profiles
    
    WARP modes
    
    Overview
    Enable Device Information Only
    
    WARP settings
    
    Overview
    Captive portal detection
    
    Managed networks
    
    Route traffic
    
    Overview
    Local Domain Fallback
    Split Tunnels
    WARP architecture
    
    WARP sessions
    
    Troubleshoot WARP
    
    Overview
    Common issues
    Client errors
    Diagnostic logs
    Known limitations
    Connectivity status
    
    Remove WARP
  - Agentless options
    
    Overview
    
    DNS
    
    Locations
    
    Add locations
    DNS resolver IPs and hostnames
    
    DNS over TLS (DoT)
    DNS over HTTPS (DoH)
    
    PAC files
  - User-side certificates
    
    Overview
    Install certificate using WARP
    Install certificate manually
    Deploy custom certificate
Applications
- Overview
- Add web applications
- Non-HTTP applications
- Cloud Access Security Broker
  - Overview
  - Manage findings
  - Available integrations
    
    Overview
    Amazon Web Services (AWS) S3
    Atlassian Confluence
    Atlassian Jira
    Bitbucket Cloud
    Box
    Dropbox
    GitHub
    Google Cloud Platform (GCP) Cloud Storage
    
    Google Workspace
    
    Overview
    Gmail
    Google Admin
    Google Calendar
    Google Drive
    Gmail (FedRAMP)
    Google Admin (FedRAMP)
    Google Calendar (FedRAMP)
    Google Drive (FedRAMP)
    
    Microsoft 365
    
    Overview
    Admin Center
    OneDrive
    Outlook
    SharePoint
    Admin Center (FedRAMP)
    OneDrive (FedRAMP)
    Outlook (FedRAMP)
    SharePoint (FedRAMP)
    
    Salesforce
    Salesforce (FedRAMP)
    ServiceNow
    ServiceNow (FedRAMP)
    Slack
  - Scan for sensitive data
  - Troubleshooting
    
    Troubleshoot integrations
    Troubleshoot compute accounts
- Login page
- Block page
- Add bookmarks
- App Launcher
Policies
- Overview
- Secure Web Gateway
  - Overview
  - Get started
    
    DNS filtering
    Network filtering
    HTTP filtering
  - DNS policies
    
    Overview
    Common policies
    Test DNS filtering
    Timed DNS policies
  - Network policies
    
    Overview
    Common policies
    Protocol detection
    SSH proxy and command logs (legacy)
  - HTTP policies
    
    Overview
    Common policies
    TLS decryption
    HTTP/3 inspection
    Tenant control
    AV scanning
    File sandboxing
    WebSocket traffic
  - Egress policies
    
    Overview
    Dedicated egress IPs
  - Resolver policies Beta
  - Identity-based policies
  - Global policies
  - Applications and app types
  - Domain categories
  - Order of enforcement
  - Proxy
  - Lists
  - Block page
  - Managed service providers (MSPs)
- Access
- Browser Isolation
  - Overview
  - Set up Browser Isolation
    
    Get started
    Clientless Web Isolation
    Non-identity on-ramps
  - Isolation policies
  - Extensions
  - Accessibility
  - Browser Isolation with firewall
  - Known limitations
- Data Loss Prevention
  - Overview
  - Scan HTTP traffic
    
    Create DLP policies
    Common policies
    Logging options
  - Scan SaaS apps ↗
  - DLP profiles
    
    Configure DLP profiles
    Predefined profiles
    Integration profiles
    Profile settings
  - DLP datasets
Insights
- Analytics
- DEX
- Logs
  - Overview
  - User logs
  - Access audit logs
  - Gateway activity logs
    
    Overview
    Manage PII
  - SCIM logs
  - Tunnel audit logs
  - Posture logs
  - Logpush integration
  - Enable Email Security logs
- Risk score
Email Security
- Overview
- Retro Scan
- Setup
  - Before you begin
  - Post-delivery deployment
    
    API deployment
    
    Overview
    Set up with Microsoft 365
    
    BCC/Journaling
    
    BCC setup
    
    Gmail BCC setup
    
    Overview
    Enable Gmail BCC integration
    Connect your domains
    Add BCC rules
    Enable auto-moves
    
    Microsoft Exchange BCC setup
    
    Journaling setup
    
    Microsoft 365 journaling setup
    Manually add domains
  - Pre-delivery deployment
    
    Prerequisites
    
    Microsoft 365 as MX Record
    
    Overview
    
    Use cases
    
    1 - Junk email and Email Security Admin Quarantine
    2 - Junk email and user managed quarantine
    3 - Junk email and administrative quarantine
    4 - User managed quarantine and administrative quarantine
    5 - Junk email folder and administrative quarantine
    
    Google Workspace as MX Record
    Cisco - Email Security as MX Record
    Cisco - Cisco as MX Record
    
    MX/Inline deployment
    Set up MX/Inline deployment
    Egress IPs
    Partner domain TLS
  - Manage domains
- Email monitoring
- Directories
  - Overview
  - Manage integrated directories
    
    Manage groups in your directory
    Manage users in your directory
  - Manage Email Security directories
- Detection settings
- Auto-move events
- Phish submissions
- Outbound Data Loss Prevention (DLP)
- PhishGuard
- Reference
API and Terraform
Reference architecture ↗
Tutorials
Videos
Account limits
Roles and permissions
Glossary
Changelog
FAQ

GitHub X.com YouTube

Select theme

On this page

Overview

On this page

Overview

Was this helpful?

Products
Cloudflare Zero Trust
Connections
Connect devices
Agentless options
DNS

DNS

Locations
DNS over TLS (DoT)
DNS over HTTPS (DoH)

Was this helpful?

Last updated: Sep 10, 2024

Resources
API
New to Cloudflare?
Products
Sponsorships
Open Source

Support
Help Center
System Status
Compliance
GDPR

Company
cloudflare.com
Our team
Careers

Tools
Cloudflare Radar
Speed Test
Is BGP Safe Yet?
RPKI Toolkit
Certificate Transparency

Community
X
Discord
YouTube
GitHub

2025 Cloudflare, Inc.
Privacy Policy
Terms of Use
Report Security Issues
Trademark