Clientless Web Isolation
Clientless Web Isolation allows you to on-ramp user traffic to your private network without needing to install the WARP client. Users access private applications by going to a prefixed URL:
https://<your-team-name>.cloudflareaccess.com/browser/<URL>
After the user authenticates to your IdP, Cloudflare will load the application in a secure remote browser and apply your Gateway firewall policies to user traffic.
Setup
To configure Clientless Web Isolation for Zero Trust Web Access, refer to this tutorial.
Best practices
- For guidance on building Gateway policies for private network applications, refer to Secure your first application.
- If you already deployed the WARP client to some devices as part of a mixed-access methodology, ensure that your Gateway firewall policies do not rely on device posture checks. Because Clientless Web Isolation is not a machine in your fleet, it will not return any values for device posture checks.
- You can standardize the user experience by making specific applications available in your App Launcher as bookmarks. In this case, you would create a new bookmark for
https://<team-name>.cloudflareaccess.com/browser/https://internalresource.com
, which would take users directly to an isolated session with your application.