Skip to content

Secure your Internet traffic and SaaS apps

Provide your users and networks with a secure, performant, and flexible path to the Internet.

Start path
  1. Concepts

    Learn the core concepts of using Cloudflare Zero Trust functionality to provide granular security policy for devices and networks accessing the Internet.

    Start module

    Contains 1 units

    1. What security features does Cloudflare provide?
  2. Get started with Zero Trust

    Start module

    Contains 4 units

    1. Prerequisites
    2. Create a Cloudflare account
    3. Create a Zero Trust organization
    4. Configure an identity provider
  3. Connect devices and networks to Cloudflare

    After setting up your Cloudflare account and Zero Trust organization, you can begin connecting your users' devices and networks to Cloudflare.

    Start module

    Contains 4 units

    1. Choose an on-ramp
    2. Download and install WARP
    3. MDM deployment
    4. Verify device connectivity
  4. Configure the device agent

    The Cloudflare WARP client (known as the Cloudflare One Agent in mobile app stores) encrypts designated traffic from a user's device to Cloudflare's global network. In this learning path, we will first define all of your parameters and deployment rules, and then we will install and connect the client. If you prefer to start the client download now, refer to Download WARP.

    Start module

    Contains 6 units

    1. Define device enrollment permissions
    2. Customize device profiles
    3. Proxy traffic through Gateway
    4. Define Split Tunnel settings
    5. Resolve private DNS
    6. Determine when to use PAC files
  5. Understand and streamline policy creation

    Start module

    Contains 3 units

    1. Order of enforcement
    2. Create a list of IPs or domains
    3. Use indicator feeds to improve security policies
  6. Build DNS security policies

    DNS security is an important, wide-reaching, and early action in the lifecycle of a request. Cloudflare operates one of the world's largest and fastest public DNS resolvers. Your users' public DNS requests will be resolved by that same resolution engine -- whether they are connecting from a network pointing its resolvers to Cloudflare or an endpoint running the WARP client.

    Start module

    Contains 5 units

    1. Create your first DNS policy
    2. Create an allowlist or blocklist
    3. Recommended DNS policies
    4. Onboard DNS for a network
    5. Test a policy
  7. Build network security policies

    After creating policies for security based on DNS resolution, we can layer in additional security controls with the Gateway network firewall, which operates at Layer 4 of the OSI model. The Gateway network firewall allows you to build specific policies to block users or services' ability to connect to endpoints at specific IPs or on specific ports. You can also use Protocol Detection ↗ to block proxying specific protocols.

    Start module

    Contains 2 units

    1. Create your first network policy
    2. Recommended network policies
  8. Build HTTP security policies

    After securing your organization's DNS queries and network level traffic, you can begin implementing advanced security controls for web traffic by inspecting HTTPS and taking actions based on the full URL or the body of HTTP requests.

    Start module

    Contains 5 units

    1. Use TLS inspection
    2. Create your first HTTP policy
    3. Build Data Loss Prevention (DLP) policies
    4. Configure Browser Isolation
    5. Recommended HTTP policies
  9. Control traffic egress with source IP anchoring and allowlisting

    Now that you have created firewall policies to secure your organization, you can begin creating egress policies to control what IP address your users egress to the Internet with.

    Start module

    Contains 3 units

    1. Source IP anchoring
    2. Egress IP best practices
    3. Use egress policies to deliver consistent egress IPs
  10. Secure SaaS applications

    Start module

    Contains 4 units

    1. SaaS security overview
    2. Single sign-on front door controls
    3. Layer security methods
    4. Scan SaaS applications with Cloudflare CASB