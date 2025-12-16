Consider the following steps to learn how to configure Private Network Load Balancing solution, using Cloudflare Tunnel as the off-ramp to securely connect to your private or internal services.

1. Configure a Cloudflare tunnel with an assigned virtual network

The specific configuration steps can vary depending on your infrastructure and services you are looking to connect. If you are not familiar with Cloudflare Tunnel, the pages linked on each step provide more guidance.

Create a tunnel to connect your data center to Cloudflare. Create a virtual network and assign it to the tunnel you configured in the previous step.

Dashboard

cli To create a virtual network: Within the Zero Trust dashboard ↗ , go to Settings > WARP Client and find the Virtual networks setting. Select Add new or Manage > Create virtual network to create virtual networks. Define your virtual network name and select Save. To assign the virtual network to the tunnel: Go to Networks > Tunnels. Select the tunnel you created in the previous steps and select Configure. Under Private Network, select Add a private network. Specify an IP range under CIDR and select the virtual network under Additional settings. Select Save private network. To create a virtual network: Terminal window cloudflared tunnel vnet add <VNET_NAME> To assign the virtual network to the tunnel: Terminal window cloudflared tunnel route ip add --vnet <VNET_NAME> <IP_RANGE> <TUNNEL_NAME>

2. Configure Cloudflare Load Balancing

Once you have Cloudflare tunnels with associated virtual networks (VNets) configured, the VNets can be specified for each endpoint when you create or edit a pool. This will enable Cloudflare load balancers to use the correct tunnel and securely reach the private IP endpoints.

The specific configuration will vary depending on your use case. Refer to the following steps to understand the workflow.

Create the Load Balancing monitor according to your needs. Create the pool specifying your private IP addresses and corresponding virtual networks.

Note Currently, Cloudflare does not support entering the same endpoint IP addresses more than once, even when using different virtual networks.

All endpoints with private IPs must have virtual_network_id specified.

Create the load balancer, specifying the pool and monitor you created in the previous steps, as well as the desired global traffic steering policies and custom rules.