Commit 3890ded

update policy guidelines
1 parent ff4f1bb commit 3890ded

1 file changed

+4
-2
lines changed
src/content/docs/cloudflare-one/connections/connect-networks/private-net/cloudflared/connect-cidr.mdx

Lines changed: 4 additions & 2 deletions
@@ -27,15 +27,17 @@ To connect your infrastructure with Cloudflare Tunnel:
2727

2828
## 4. (Recommended) Filter network traffic with Gateway
2929

30-
By default, all WARP devices enrolled in your Zero Trust organization can connect to your private network through Cloudflare Tunnel. You can configure Gateway inspect your network traffic and either block or allow access based on user identity and device posture.
30+
By default, all WARP devices enrolled in your Zero Trust organization can connect to your private network through Cloudflare Tunnel. You can configure Gateway to inspect your network traffic and either block or allow access based on user identity and device posture.
3131

3232
### Enable the Gateway proxy
3333

3434
<Render file="tunnel/enable-gateway-proxy" />
3535

3636
### Zero Trust policies
3737

38-
Cloudflare Zero Trust allows you to configure security policies using either Access or Gateway. If you have applications clearly defined by IPs or hostnames, we recommend [creating an Access application](/cloudflare-one/applications/non-http/self-hosted-private-app/) and managing user access alongside your SaaS and other web apps. Alternatively, if you prefer to secure a private network using a traditional firewall model, you can build Gateway [network and DNS policies](/learning-paths/replace-vpn/build-policies/) for IP ranges and domains.
38+
To prevent WARP users from accessing your entire private network, we recommend creating a [catch-all block policy](/learning-paths/replace-vpn/build-policies/create-policy/#catch-all-policy) for your private IP space. You can then layer on higher priority Allow policies which grant users access to specific applications or IPs.
39+
40+
If you have applications clearly defined by IPs or hostnames, we recommend [creating an Access application](/cloudflare-one/applications/non-http/self-hosted-private-app/) and managing user access alongside your SaaS and other web apps. Alternatively, if you prefer to secure a private network using a traditional firewall model, you can build Gateway [network and DNS policies](/learning-paths/replace-vpn/build-policies/) for IP ranges and domains.
3941

4042
## 5. Connect as a user
4143
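
Review bot: The paragraph added at new line 38 never says which product the "catch-all block policy" is built in, and this change also drops the sentence that introduced Access and Gateway as the two policy mechanisms, so the "Alternatively ... Gateway network and DNS policies" sentence at new line 40 now reads as an option separate from the catch-all. The link target sits under the same build-policies path as the Gateway link, so if the catch-all is a Gateway policy, say so in the sentence, and state whether an Access application from line 40 takes precedence over that block. The wording "You can then layer on" also has readers create the block before any Allow policy exists, which read in order cuts off all private network access in the interim; consider telling readers to create the Allow policies first or together with the block. Style: "higher-priority Allow policies that grant" rather than "higher priority Allow policies which grant".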
