With Cloudflare Zero Trust, you can connect private networks and the services running in those networks to Cloudflare’s global network. This involves installing a on the private network, and then which define the IP addresses available in that environment. Unlike , private network routes can expose both HTTP and non-HTTP resources.
To reach private network IPs, end users must connect their device to Cloudflare and enroll in your Zero Trust organization. The most common method is to install the on their device, or you can onboard their network traffic to Cloudflare using our or .
Here are the different ways you can connect your private network to Cloudflare:
- installs on a server in your private network to create a secure, outbound tunnel to Cloudflare. Cloudflare Tunnel using
cloudflaredonly proxies traffic initiated from a user to a server. Any service or application running behind the tunnel will use the server’s default routing table for server-initiated connectivity.
- uses the to establish peer-to-peer connectivity between two or more devices. Each device running WARP can access services on any other device running WARP via an assigned virtual IP address.
- installs on a Linux server in your private network to establish site-to-site, bidirectional, and mesh networking connectivity. The WARP connector acts as a subnet router to relay client-initiated and server-initiated traffic between all devices on a private network and Cloudflare.
- relies on configuring legacy networking equipment to establish Anycast GRE or IPsec tunnels between an entire network location and Cloudflare.