Enterprise customers can purchase a dedicated egress IP (IPv4 and IPv6) or range of IPs geolocated to one or more Cloudflare network locations.
This allows your egress traffic to geolocate to the city selected in your egress policies.
You are able to configure SSH proxy and command logs. Generate a Hybrid Public Key Encryption (HPKE) key pair and upload the public key sshkey.pub to your dashboard. All proxied SSH commands are immediately encrypted using this public key. The matching private key – which is in your possession – is required to view logs.
By default, Cloudflare will store and deliver logs from data centers across our global network. To maintain regional control over your data, you can use Customer Metadata Boundary and restrict data storage to a specific geographic region. For more information refer to the section about Logpush datasets supported.
Customers also have the option to reduce the logs that Cloudflare stores:
To ensure that all reverse proxy requests for applications protected by Cloudflare Access will only occur in FedRAMP-compliant data centers, you should use Regional Services with the region set to FedRAMP.