|
| 1 | +--- |
| 2 | +pcx_content_type: how-to |
| 3 | +title: Private network applications (legacy) |
| 4 | +sidebar: |
| 5 | + order: 4 |
| 6 | + label: Private network applications (legacy) |
| 7 | +--- |
| 8 | + |
| 9 | +:::note |
| 10 | +Not recommended for new deployments. We recommend using a [self-hosted application](/cloudflare-one/applications/non-http/self-hosted-private-app/) to secure a private IP address. |
| 11 | +::: |
| 12 | + |
| 13 | +You can configure a **Private Network** application to manage access to specific applications on your private network. |
| 14 | + |
| 15 | +To create a private network application: |
| 16 | + |
| 17 | +1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Applications** > **Add an application**. |
| 18 | + |
| 19 | +2. Select **Private Network**. |
| 20 | + |
| 21 | +3. Name your application. |
| 22 | + |
| 23 | +4. For **Application type**, select _Destination IP_. |
| 24 | + |
| 25 | +5. For **Value**, enter the IP address for your application (for example, `10.128.0.7`). |
| 26 | + :::note |
| 27 | + If you would like to create a policy for an IP/CIDR range instead of a specific IP address, you can build a [Gateway Network policy](/cloudflare-one/policies/gateway/network-policies/) using the **Destination IP** selector. |
| 28 | + ::: |
| 29 | + |
| 30 | +6. Configure your [App Launcher](/cloudflare-one/applications/app-launcher/) visibility and logo. |
| 31 | + |
| 32 | +7. Select **Next**. You will see two auto-generated Gateway Network policies: one that allows access to the destination IP and another that blocks access. |
| 33 | + |
| 34 | +8. Modify the policies to include additional identity-based conditions. For example: |
| 35 | + |
| 36 | + - **Policy 1** |
| 37 | + |
| 38 | + | Selector | Operator | Value | Logic | Action | |
| 39 | + | -------------- | ------------- | ---------------- | ----- | ------ | |
| 40 | + | Destination IP | in | `10.128.0.7` | And | Allow | |
| 41 | + | User Email | matches regex | `.*@example.com` | | | |
| 42 | + |
| 43 | + - **Policy 2** |
| 44 | + |
| 45 | + | Selector | Operator | Value | Action | |
| 46 | + | -------------- | -------- | ------------ | ------ | |
| 47 | + | Destination IP | in | `10.128.0.7` | Block | |
| 48 | + |
| 49 | + Policies are evaluated in [numerical order](/cloudflare-one/policies/gateway/order-of-enforcement/#order-of-precedence), so a user with an email ending in @example.com will be able to access `10.128.0.7` while all others will be blocked. For more information on building network policies, refer to our [dedicated documentation](/cloudflare-one/policies/gateway/network-policies/). |
| 50 | + |
| 51 | +9. Select **Add application**. |
| 52 | + |
| 53 | +Your application will appear on the **Applications** page. |
0 commit comments